SpamAssassin X-Spam-Report Leaking Other Email Addresses Into My Headers?

bestpa · July 19, 2019, 12:39am

Hi, Have the latest.

I was investigating email headers when I stumbled upon the following in an email from "someone@yahoo.com" to "pbest@mymail.com". A third party, someoneunrelated@gmail.com who I communicate with separately in a whole other thread, somehow got their email address into the SMTP header? They are not on the CC or TO field list in any way.

I know this isn’t MIAB specific (maybe) but can someone make sense out of this snippet of email header?

by mail.myserver.com with LMTP id cLTWEwMFQV0QIwAAq4BsEQ
for pbest@mymail.com; Thu, 18 Jul 2019 19:47:15 -0400
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.mymail.com
X-Spam-Level:
X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Report:
* 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
* provider (someoneunrelated[at]gmail.com) (someone[at]yahoo.com)

bestpa · July 19, 2019, 12:52am

I am also concerned about the other X-Spam headers that get injected into some of my emails. One in particular scans the email for “Money… Huge Money” when there is a dollar figure associated.

Is there a way to turn off X-Spam logging into the email headers? Does that break Outlook or other clients in a way? Could an email then forwarded also leak such information to a third party? Even if dollar amounts were stripped?

For the record, I don’t have huge money .