The originating PHP script header helps people who run shared servers
track down the source of problematic mail. The two most common cases are:
- A contact form with poor security and the option to send a copy to the
"commenter". Hackers find these and flood them.
- A completely compromised site with some mailer script buried down in a
folder that shouldn't have code (typically some image path).
Both give a quick indication of which account needs to be suspended and
what the best course for remediation should be from there.
In cPanel, the X-OutGoing-Spam-Status header is generated by hosts who
run SpamAssassin on outbound mail. As it's easily forged it's kind of
useless on the receiving side (and until a few months back was actually
scoring 0.2 on incoming) but it's generated by cPanel with no option to
disable it. It might also serve as a useful diagnostic for hosts trying
to figure out how the heck an obvious spam message managed to get sent:
if it's not there, then the message was sent by a nonstandard MTA.
On 2021-09-08 18:40, Bert Van de Poel wrote: > By default any PHP script that's sending an email will contain
> X-PHP-Originating-Script on several Linux distros, even though it's
> not the official default (see
> https://www.php.net/manual/en/mail.configuration.php , one of the
> first Google results). It's a pretty common occurrence to see that
> header in automated emails of all kinds (e.g. registration
> confirmation emails, notifications, login link emails). Alone it's a
> sign of spam nor ham, but combined with other things it can be
> interesting. The others don't ring a bell for me.
> On 8/09/2021 23:27, Loren Wilton wrote:
>> I'm getting a lot of mails with some very curious headers in them.
>> I tried searching with Google, and it has never heard of many of
>> these strings.
>> Does anyone recognize what might be generating these headers?
>> This email has been checked for viruses by AVG.
For SpamAsassin Users List