ColdFusion Muse

Interesting Mail Headers

Mark Kruger October 30, 2008 1:07 PM Coldfusion Tips and Techniques Comments (5)

My good friend Jake Churchill was surfing dev shed and he found this post regarding cfmail. The question is pretty easy, but one of the comments further down caught his eye. A user named mackindlays makes the statement that "Many mail services bounce CF generated mails now". Personally I do not believe there is any evidence that mail servers bounce CF generated mail any more than .NET generated mail or PHP generated mail etc. Perhaps mail servers score mail that is obviously sent from a web server as "more likely to be spam". Certainly that was a contention of my previous post on the subject. At any rate, his solution was to spoof the mail headers for Microsoft Exchange using CFMAILPARAM.

<cfmailparam name="X-MimeOLE" value="Produced By Microsoft Exchange V6.5.7226.0">
<cfmailparam name="X-MS-Has-Attach" value="yes">
<cfmailparam name="X-MS-TNEF-Correlator" value="">
<cfmailparam name="Content-class" value="urn">
<cfmailparam name="content-classes" value="message">
I have no idea if this will work or be successful (I'll let my readers know what I find out). But this rather un-muse like solution is perhaps one more arrow in the quiver of folks trying to send legitimate email.

  • Share:

Related Blog Entries


  • Rick O's Gravatar
    Posted By
    Rick O | 10/30/08 12:39 PM
    I've had personal experience doing similar hacks because of some large mailer or other that specifically blocked CF-generated mail. For a while a few years ago, and I don't know if it is still the case, Yahoo! mail was one of the big ones that did.

    I never understood the reasoning, either. I can't imagine too many spammers thinking "hey, how could we pump out more spam per hour? I know, ColdFusion!".
  • Julian Halliwell's Gravatar
    Posted By
    Julian Halliwell | 11/5/08 4:36 PM
    Hi Mark

    I understand why you might feel this is worth trying, but I personally would feel uncomfortable with what is effectively lying. By all means be economical with the truth by removing references to CF (e.g. change the default "mailerID" attribute in cfmail from "ColdFusion 8 Application Server" to a custom name) but I would like to believe that getting past spam filters is like getting search engine rankings: the best way is to be honest and not to try to fool them.

    So instead, I would favour things like trying to make sure that the IP and domain of your server is publicly verifiable by using SPF records in your DNS and a public FQDN in the CF admin/server attribute (See ). It may be that rather than CF per se, it's more the lack of an accountable domain or IP that's causing the spam alarm bells to go off.
  • mark kruger's Gravatar
    Posted By
    mark kruger | 11/5/08 4:45 PM
    Julian, let me be clear. This is not something I intend to use or have used. I'm a little uncomfortable with it too - which is why I state at the bottom:

    "...this rather un-muse like solution is perhaps one more arrow in the quiver of folks trying to send legitimate email."

    That kind of sums it up for me. I think there are folks who could make the case that mail servers never intended to exclude legitimate email just because it originated from a CF server - so this approach might correct that (slight) injustice. But it is an unmistakenly deceptive approach... so I do not disagree with what you are saying.

    Still, there are those with a stronger stomach than I who might find this useful and legitimate - and it does add to the understanding of how email is delivered, so in the information serves a useful purpose and I'm never afraid of information despite its potential nefarious uses :)
  • Brian Rideout's Gravatar
    Posted By
    Brian Rideout | 2/13/09 9:54 AM
    Just thought I'd jump in here and let everyone know that I'm seeing a similar problem. One of our mail servers uses Declude for spam filtering. Declude flags CF8 generated messages as having a Bad Header. Using the <cfmailparam... settings shown above does not fix it. I also tried changing the encoding but that didn't help either.

    Anyone else run into this? Have a solution?
  • Brian Rideout's Gravatar
    Posted By
    Brian Rideout | 2/13/09 12:05 PM
    Think I found a solution. Using a fully qualified domain name for the mail server within the ColdFusion Administrator solves the problem. Using an IP address causes an invalid Message-ID.