Jeremy C B Nicoll <Jeremy@xxxxxxxxxxxxxxxx> wrote: > In article <745e678b4e.stuart@xxxxxxxxxxxxxxxxxxxxxx>, > Stuart Painting <stuart@xxxxxxxxxxxxxxxxxx> wrote: > >> The ones I've found useful fall into three main categories: > >> 1. Blind Carbon Copy - I think these have already been mentioned. > > I don't follow how that relates to a "To:" test. If someone has sent > you mail by BCC there is no test you can sensibly do on the "To:" value. To answer the question exactly as posed: I can check for the absence of the "To:" field , or for a "To:" field with no readable content. Messages sent to mailing lists may have the name of the mailing list in the "To:" field, but I don't rely on that always being the case. > I really don't understand why so many people think that BCC means spam. Because, apart from the "mailing lists" case mentioned above, it *is* overwhelmingly likely to be spam. > Of course if you do think that and implement such a rule, unless you're > very careful checking logs, chances are you'll never notice any genuine > mail that gets deleted. A BCC from anyone on my whitelist would get through. Since I delete all other BCCs, any message BCC'd to me by someone not on my whitelist would get deleted. This is a risk I'm prepared to take. Your Mileage May Vary. > I would never, for example, if I chose to forward a joke to some > friends, explicitly expose their email addresses to each other. I > don't think I have the right to let friend x know what friend y's email > address is, even if I think these people know each other, let alone if > they do not. That's up to friend y. Most people do not want their > email addresses spread around. So I'd send the mail "To:" something > innocuous, probably myself, and BCC it to all recipients. Surely > everyone else does the same thing? No, I don't. If I were so moved to send out something to multiple recipients where I didn't want any risk of anyone knowing who else had received it, I'd send it in separate emails to each recipient in turn. I have seen too many cases where a supposedly "BCC'd" email managed to disclose the full list of recipients (by means of additional headers that the sender presumably didn't realise were there). Were this to happen in a commercially sensitive environment, the consequences could be far-reaching. BCC is a *bad* idea in my book. >> 2. Message-IDs - in my case I've used both Messenger Pro and Marcel, >> so I have rules for both cases. The Messenger Pro rule just checks >> for a fullstop before my username, while the Marcel rule looks for >> the specific four characters that my copy of Marcel inserted. > >> delete to: = *.stuart@zedtoo* >> delete to: = *mrua@zedtoo* > > In the absence of Envelope-To: (with Demon) I suppoe that's sensible. > But I think you'd be better to use the cod ethat Frank's defined to > find out who the mail was actually delivered for. What I actually do is get Demon to do it for me, by logging-in to the POP3 server for each desired username in turn. The above two tests are just to catch the spam that has the wrong value in the "To:" field (checking back it's been relatively quiet recently: only 11 such spams in the past 2 weeks). >> 3. Faulty address harvesting - one of the "address swiping" >> routines used by spammers accidentally(?) prepends the surname >> in the victim's address book to the email address. > >> delete to: = *paintingstuart@zedtoo* > > It's not faulty; Sure, in general someone could be allocating email addresses of the "surnamefirstname" variety, but what I am talking about is cases where the surname gets attached to a *genuine* email address resulting in a *nonexistent* email address being targeted.