Thread: Question about different versions of Outlook/express as indicated in theX-mailer line
View Single Post
  #2  
Old October 11th 07, 06:47 PM posted to microsoft.public.outlookexpress.general,microsoft.public.outlook
PA Bear
external usenet poster
  
Posts: 3,031
Default Question about different versions of Outlook/express as indicated in the X-mailer line
...I don't use Outlook or OE as an e-mail client. I'm focusing on
spammers who construct (forge) e-mail headers to make the e-mails
appear legit, which frequently means that they construct spams that
appear to have been sent by Outlook or OE.

I assume you meant "news message headers" and "news post" above.

X-Mailer: Microsoft Outlook Express 5.50.4922.1500

Translation: Message was sent using OE5.5 SP2. The version above
corresponds not to OE (msimn.exe) but MSOE.DLL. Nevertheless, you can
somewhat determine the version of OE by comparing the version of MSOE.DLL in
the headers to the IE versions listed in
http://support.microsoft.com/?kbid=164539; e.g., v6.00.2900.nnnn corresponds
to OE6 running in WinXP SP2; v6.00.2800.nnnn corresponds to OE6 in WinXP
SP1; etc.

Outlook (OL) doesn't natively handle NNTP news; instead, it invokes OE,
usually as /news only.

IOW, the version of MSOE.DLL you see in the headers doesn't mean the message
was constructed in any "forged" manner; it simply reflects the version of OE
(MSOE.DLL, specifically) used to post the message.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.org/


Mail Man wrote:
I've been identifying some spam based on what appears on the X-mailer
line. I don't use Outlook or OE as an e-mail client. I'm focusing on
spammers who construct (forge) e-mail headers to make the e-mails
appear legit, which frequently means that they construct spams that
appear to have been sent by Outlook or OE.

For example, I'm seeing this in some recent spam:

X-Mailer: Microsoft Outlook Express 5.50.4922.1500

Of my entire e-mail inventory (about 60k e-mails going back to 1998 -
most of it being spam) I have about 2 dozen e-mails (all of them spam)
with the above X-Mailer line.

The first occurrance of that version in my e-mail inventory was in
August 2005, and the most recent was today.

Is 5.50.4922.1500 a valid version of Outlook Express, and if so when
would it have been a current version?

Is there a chronological list of OE versions?

Ads