Last active
June 24, 2022 14:43
-
-
Save teusink/73283b721e4fa9ef37b26db988763acd to your computer and use it in GitHub Desktop.
Content Examination definition to detect machine sent emails
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Microsoft | |
| # WARNING: These are not headers that indicate an auto-reply, but headers that request the recipient to NOT send an auto-reply back | |
| # 1 "X-Auto-Response-Suppress: All" | |
| # 1 "X-Auto-Response-Suppress: AutoReply" | |
| # 1 "X-Auto-Response-Suppress: DR" | |
| # 1 "X-Auto-Response-Suppress: NDR" | |
| # 1 "X-Auto-Response-Suppress: NRN" | |
| # 1 "X-Auto-Response-Suppress: OOF" | |
| # 1 "X-Auto-Response-Suppress: RN" | |
| # RFC 3834 | |
| 1 "Auto-Submitted: auto-generated" | |
| 1 "Auto-Submitted: auto-notified" | |
| 1 "Auto-Submitted: auto-replied" | |
| # MTAs; Microsoft IIS' SMTP service | |
| 1 "Return-Path: <<>>" | |
| 1 "Return-Path: <>" | |
| # Mailing Lists | |
| 1 regex (List-Archive: <) | |
| 1 regex (List-Help: <) | |
| 1 regex (List-Id: <) | |
| 1 regex (List-ID: <) | |
| 1 regex (List-Owner: <) | |
| 1 regex (List-Post: <) | |
| 1 regex (List-Subscribe: <) | |
| 1 regex (List-Unsubscribe: <) | |
| 1 regex (Mailing-List <) | |
| 1 "Precedence: list" | |
| 1 "X-Mailing-List" | |
| 1 "X-Precedence: list" | |
| # Other | |
| 1 "Delivered-To: Autoresponder" | |
| 1 "Precedence: auto_reply" | |
| 1 "Precedence: bulk" | |
| 1 "X-AMAZON-MAIL-RELAY-TYPE: notification" | |
| 1 "X-Autogenerated" | |
| 1 "X-Autoreply: yes" | |
| 1 "X-AutoReply-From" | |
| 1 "X-Autorespond" | |
| 1 "X-Facebook-Notify " | |
| 1 "X-FC-MachineGenerated: true" | |
| 1 "X-Mail-Autoreply" | |
| 1 "X-Mailer: MediaWiki mailer" | |
| 1 "X-MC-System: =" | |
| 1 "X-POST-MessageClass: 9; Autoresponder" | |
| 1 "X-Precedence: auto_reply" | |
| 1 "X-Precedence: bulk" | |
| # | |
| # WARNING: Using email-address based filtering the false positive rate goes up! | |
| # | |
| # Email-addresses, based on RFC 2142 | |
| 1 "ftp@" | |
| 1 "hostmaster@" | |
| 1 "news@" | |
| 1 "noc@" | |
| 1 "postmaster@" | |
| 1 "security@" | |
| 1 "usenet@" | |
| 1 "uucp@" | |
| 1 "webmaster@" | |
| 1 "www@" | |
| # Email-addresses, inspired by RFC 2142 | |
| 1 "abuse@" | |
| 1 "admin@" | |
| 1 "administrator@" | |
| 1 "antispam@" | |
| 1 "bounce@" | |
| 1 "bounced@" | |
| 1 "domains@" | |
| 1 "donotreply@" | |
| 1 "do-not-reply@" | |
| 1 "mailer-daemon@" | |
| 1 "no_reply@" | |
| 1 "noreply@" | |
| 1 "no-reply@" | |
| 1 "privacy@" | |
| # Sources | |
| # https://msdn.microsoft.com/en-us/library/ee219609%28v=exchg.80%29.aspx?f=255&MSPPError=-2147217396 | |
| # https://tools.ietf.org/rfc/rfc3834 | |
| # https://community.mimecast.com/s/article/Configuring-Auto-Response-Definitions-and-Policies | |
| # https://www.iana.org/assignments/auto-submitted-keywords/auto-submitted-keywords.xml | |
| # https://github.com/jpmckinney/multi_mail/wiki/Detecting-autoresponders | |
| # https://www.ietf.org/rfc/rfc2142.txt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment