ColdFusion Muse

Interesting Mail Headers

My good friend Jake Churchill was surfing dev shed and he found this post regarding cfmail. The question is pretty easy, but one of the comments further down caught his eye. A user named mackindlays makes the statement that "Many mail services bounce CF generated mails now". Personally I do not believe there is any evidence that mail servers bounce CF generated mail any more than .NET generated mail or PHP generated mail etc. Perhaps mail servers score mail that is obviously sent from a web server as "more likely to be spam". Certainly that was a contention of my previous post on the subject. At any rate, his solution was to spoof the mail headers for Microsoft Exchange using CFMAILPARAM.

<cfmailparam name="X-MimeOLE" value="Produced By Microsoft Exchange V6.5.7226.0">
<cfmailparam name="X-MS-Has-Attach" value="yes">
<cfmailparam name="X-MS-TNEF-Correlator" value="">
<cfmailparam name="Content-class" value="urn">
<cfmailparam name="content-classes" value="message">
I have no idea if this will work or be successful (I'll let my readers know what I find out). But this rather un-muse like solution is perhaps one more arrow in the quiver of folks trying to send legitimate email.

Related Blog Entries

Comments
Rick O's Gravatar I've had personal experience doing similar hacks because of some large mailer or other that specifically blocked CF-generated mail. For a while a few years ago, and I don't know if it is still the case, Yahoo! mail was one of the big ones that did.

I never understood the reasoning, either. I can't imagine too many spammers thinking "hey, how could we pump out more spam per hour? I know, ColdFusion!".
# Posted By Rick O | 10/30/08 12:39 PM
Julian Halliwell's Gravatar Hi Mark

I understand why you might feel this is worth trying, but I personally would feel uncomfortable with what is effectively lying. By all means be economical with the truth by removing references to CF (e.g. change the default "mailerID" attribute in cfmail from "ColdFusion 8 Application Server" to a custom name) but I would like to believe that getting past spam filters is like getting search engine rankings: the best way is to be honest and not to try to fool them.

So instead, I would favour things like trying to make sure that the IP and domain of your server is publicly verifiable by using SPF records in your DNS and a public FQDN in the CF admin/server attribute (See http://carehart.org/blog/client/index.cfm/2007/12/... ). It may be that rather than CF per se, it's more the lack of an accountable domain or IP that's causing the spam alarm bells to go off.
# Posted By Julian Halliwell | 11/5/08 4:36 PM
mark kruger's Gravatar Julian, let me be clear. This is not something I intend to use or have used. I'm a little uncomfortable with it too - which is why I state at the bottom:

"...this rather un-muse like solution is perhaps one more arrow in the quiver of folks trying to send legitimate email."


That kind of sums it up for me. I think there are folks who could make the case that mail servers never intended to exclude legitimate email just because it originated from a CF server - so this approach might correct that (slight) injustice. But it is an unmistakenly deceptive approach... so I do not disagree with what you are saying.


Still, there are those with a stronger stomach than I who might find this useful and legitimate - and it does add to the understanding of how email is delivered, so in the information serves a useful purpose and I'm never afraid of information despite its potential nefarious uses :)
# Posted By mark kruger | 11/5/08 4:45 PM
Brian Rideout's Gravatar Just thought I'd jump in here and let everyone know that I'm seeing a similar problem. One of our mail servers uses Declude for spam filtering. Declude flags CF8 generated messages as having a Bad Header. Using the <cfmailparam... settings shown above does not fix it. I also tried changing the encoding but that didn't help either.

Anyone else run into this? Have a solution?
# Posted By Brian Rideout | 2/13/09 9:54 AM
Brian Rideout's Gravatar Think I found a solution. Using a fully qualified domain name for the mail server within the ColdFusion Administrator solves the problem. Using an IP address causes an invalid Message-ID.
# Posted By Brian Rideout | 2/13/09 12:05 PM



Blog provided and hosted by CF Webtools. Blog Sofware by Ray Camden.