Outlook Banter

noctufaber July 3rd 08 07:19 AM

Outlook rewrites subject line to "SPAM: [original subject]"
 
I'm working with a customer of mine who I believe has some form of malware on his machine that is rewriting the subject line for all of his outbound emails. Here are the symptoms.

1. The office has quite a few users and they all use the same SMTP server. Only one user has this problem.
2. When the problem user composes an email with a certain subject, the recipient receives the email, but the subject is always preceded with SPAM:
3. The mail headers show that Spam Assassin looked at it, but scored it as non-spam.

Has anyone heard of or seen anything like this? Does anyone have any ideas how to fix it? I have included the mail headers below (with slight modifications to protect the innocent):

From - Wed Jul 2 22:31:32 2008
X-Account-Key: account5
X-UIDL: 1215019732.12766.avenger.weirdwares.com,S=3626
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path:
Delivered-To:

Received: (qmail 12764 invoked by uid 89); 2 Jul 2008 17:28:52 -0000
Received: by simscan 1.3.1 ppid: 12743, pid: 12744, t: 3.2986s
scanners: attach: 1.3.1 clamav: 0.92/m:45/d:5110 spam: 3.1.7
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
avenger.weirdwares.com
X-Spam-Level:
X-Spam-Status: No, score=-0.7 required=5.0 tests=AWL,BAYES_20,HTML_MESSAGE,
RDNS_NONE autolearn=no version=3.2.4
Received: from unknown (HELO problemuser.com) (127.0.0.1)
by avenger.weirdwares.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Jul 2008 17:28:48 -0000
Received-SPF: pass (avenger.weirdwares.com: SPF record at problemuser.com designates 127.0.0.1 as permitted sender)
Received: from ADPFINANCE ([127.0.0.1])
by lasvegasferrari.com (8.12.11/8.12.11) with ESMTP id m62HSlM9017683
for
; Wed, 2 Jul 2008 12:28:48 -0500
Reply-To:

From: "Problem User"

To: "'Support User'"

Subject: SPAM: Website
Date: Wed, 2 Jul 2008 11:24:25 -0600
Message-ID: 049d01c8dc68$7a103090$0490a8c0@ADPFINANCE
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_049E_01C8DC36.2F75C090"
X-Mailer: Microsoft Office Outlook 11
thread-index: AcjcaHl8gIrxSrn5TmqGq4RNiT0f5g==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

This is a multi-part message in MIME format.

------=_NextPart_000_049E_01C8DC36.2F75C090
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

DL July 3rd 08 08:41 AM

Outlook rewrites subject line to "SPAM: [original subject]"
 
The word 'Spam' is generally appended by either the recipient's anti-spam/AV
application or their ISP's filters.
It's unlikely to be anything to do with the sender's PC, and certainly not
Outlook.






Diane Poremsky {MVP} July 3rd 08 01:34 PM

Outlook rewrites subject line to "SPAM: [original subject]"
 
While it's very common for it to happen by mail server filtering, a 3rd party
antispam filter installed on the workstation could also be doing it.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
Outlook 2007: http://www.slipstick.com/outlook/ol2007/

Outlook Tips by email:


Outlook Tips:
http://www.outlook-tips.net/
Outlook & Exchange Solutions Center: http://www.slipstick.com
Subscribe to Exchange Messaging Outlook newsletter:


** Please include your Outlook version, Account type, and Windows Version
when requesting assistance **








noctufaber July 3rd 08 06:50 PM

Thanks for checking into this. I believe it is likely a 3rd party tool on the workstation too. Does anyone know why a third-party tool would mark your outbound emails with SPAM: in the subject? Does anyone know what tools do this?

Thanks,






Diane Poremsky {MVP} July 4th 08 09:57 PM

Outlook rewrites subject line to "SPAM: [original subject]"
 
Check the workstation for antispam applications.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
Outlook 2007: http://www.slipstick.com/outlook/ol2007/

Outlook Tips by email:


Outlook Tips:
http://www.outlook-tips.net/
Outlook & Exchange Solutions Center: http://www.slipstick.com
Subscribe to Exchange Messaging Outlook newsletter:


** Please include your Outlook version, Account type, and Windows Version
when requesting assistance **








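A header check for the situation discussed in this thread, added here as an example and not code from any poster: it compares the "SPAM:" Subject tag with the SpamAssassin verdict and lists the hops that handled the message before the scan. The sample headers are constructed (placeholder hosts and addresses) and `triage` is a hypothetical helper name; it relies on SpamAssassin rewriting the Subject only for mail it flags as spam.

```python
import re
from email import message_from_string

# Constructed sample modelled on the thread's headers; hosts and IPs are placeholders.
SAMPLE = """\
Received: (qmail 12764 invoked by uid 89); 2 Jul 2008 17:28:52 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
 mx.recipient.example
X-Spam-Status: No, score=-0.7 required=5.0 tests=AWL,BAYES_20,HTML_MESSAGE,
 RDNS_NONE autolearn=no version=3.2.4
Received: from unknown (HELO sender.example) (192.0.2.10)
 by mx.recipient.example with SMTP; 2 Jul 2008 17:28:48 -0000
Received: from WORKSTATION ([192.0.2.20])
 by relay.sender.example (8.12.11/8.12.11) with ESMTP id abc123;
 Wed, 2 Jul 2008 12:28:48 -0500
Subject: SPAM: Website
X-Mailer: Microsoft Office Outlook 11

body
"""

def triage(raw):
    """Compare the Subject tag with the SpamAssassin verdict (hypothetical helper)."""
    msg = message_from_string(raw)
    items = msg.items()  # every header, top (newest) to bottom (oldest)
    names = [k.lower() for k, _ in items]
    status = " ".join(msg.get("X-Spam-Status", "").split())  # unfold
    m = re.match(r"(Yes|No),\s*score=(-?[\d.]+)", status)
    flagged = (m.group(1) == "Yes") if m else None
    tagged = msg.get("Subject", "").strip().upper().startswith("SPAM:")
    # Each hop prepends its headers, so Received lines *below* X-Spam-Status
    # were already on the message when SpamAssassin scanned it.
    cut = names.index("x-spam-status") if "x-spam-status" in names else len(items)
    hops = []
    for name, value in items[cut + 1:]:
        if name.lower() != "received":
            continue
        frm = re.search(r"\bfrom\s+(\S+)", value)
        by = re.search(r"\bby\s+(\S+)", value)
        hops.append(f"{frm.group(1) if frm else '?'} -> {by.group(1) if by else '?'}")
    return {
        "tagged": tagged,
        "sa_flagged": flagged,
        "score": float(m.group(2)) if m else None,
        # SpamAssassin rewrites the Subject only on mail it flags, so a tag
        # with a "No" verdict came from some other component.
        "mismatch": tagged and flagged is False,
        "hops_before_scan": hops[::-1],  # chronological order
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `mismatch` of True narrows the search to the hops listed in `hops_before_scan` (the sending workstation and its relay) or to software that handled the message after the scan on the recipient side.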