Tuesday, February 06, 2007
Hashedpuzzle headers and Outlook 2007
I noticed some new headers with messages sent by Outlook 2007. Microsoft has added the x-cr-puzzleid and x-cr-hashedpuzzle headers as part of their anti-spam measures. Not much showed up on internet searches, but I did eventually find this Microsoft document:
http://download.microsoft.com/download/7/6/b/76b1a9e6-e240-4678-bcc7-fa2d4c1142ea/csri.pdf
In essence, the sender calculates a simple hash value from some information in the message. The receiving mail server attempts to classify the message as spam or ham based on a variety of factors, and a hashedpuzzle header is added to the mix of factors. If the puzzle is correct, the message is more likely to be ham.
This simple calculation is easy for the normal mail volume of the average user, but a spam engine that is pumping out millions of messages a day will incur a CPU penalty if they want to calculate the puzzle for every message.
http://download.microsoft.com/download/7/6/b/76b1a9e6-e240-4678-bcc7-fa2d4c1142ea/csri.pdf
In essence, the sender calculates a simple hash value from some information in the message. The receiving mail server attempts to classify the message as spam or ham based on a variety of factors, and a hashedpuzzle header is added to the mix of factors. If the puzzle is correct, the message is more likely to be ham.
This simple calculation is easy for the normal mail volume of the average user, but a spam engine that is pumping out millions of messages a day will incur a CPU penalty if they want to calculate the puzzle for every message.