What do the "X-Defects" headers appearing in messages mean?

  1. Home
  2. Knowledge Base
  3. GMS
  4. What do the "X-Defects" headers appearing in messages mean?

Question

I see an "X-Defects" header added to a number of messages passing through the GMS server. What do these headers mean?

Answer

These headers relate to the Message Quality feature within GMS Anti-Spam. The headers are added to all messages but they are only acted on if the check has actually been enabled.

If you enable any of the Message Quality features the settings for these are held in the system variable "messagequalitymask". Any messages containing items that are enabled will be rejected by the server. The messagequalitymask variable uses the same values as outlined below for the X-Defects header.

The figure you see in the header is a bitmask, with each bit indicating a different issue with the message. In order to see which bits are and aren’t set for a particular message you need to take the number in the header, which is in hex, and convert it to binary form. Each bit in the binary number then relates to the relevant bit in the following table.

Bit Meaning
00 Message lines not terminated by CRLF
01 Message line length exceeds RFC2822 limits
02 Attachment name is too long
03 Suspicious attachment name
04 CLSID in attachment name
05 UUEncode begin in subject
06 UUEncode begin incomplete
07 UUEncode data with blank lines
08 UUEncode data with spaces
09 UUEncode data line too long
10 UUEncode data invalid
11 UUEncode data invalid decode
12 Base64 encoding of inline text
13 Base64 data invalid
14 Base64 data invalid length
15 Base64 data has leading = signs
16 Base64 data has too many = signs
17 Base64 data after end of decode
18 Base64 data line too long
19 Binhex data in text section
20 Binhex data invalid
21 MIME no final boundary
22 8 bit characters in header field
23 MIME partial message fragment
24 MIME invalid fieldname format
25 MIME invalid message/rfc822 content type
26 MIME comment detected
27 MIME section in prolog or epilog
28 HTML component has IFrame entities
29 HTML component uses CID to load file
30 HTML component has Object entities
31 Suspicious header field
32 URL has IP not hostname
33 Message does not have required RFC822 headers
34 Attachment is empty
35 MIME Boundary is empty
36 MIME no start boundary
37 URL has been obfuscated
38 Message has no body
39 HTML has unnecessary encodings
40 MIME invalid content transfer encoding
41 MIME contains duplicate headers
42 MIME invalid RFC2047 encoding
43 MIME contains RFC2231 encodings
44 Message and MIME header lines contain invalid folding
45 Quoted Printable encoding of binary data

The online help page for Message Quality has a full explanation of each of the above meanings.

Note: The calculator included in each copy of Windows is useful for converting the numbers between hex and binary. In scientific view, select the "Hex" option, enter the number and then select the "Bin" option. The number will now be displayed in binary format.

The number should be read from right to left with the first digit representing bit 0, the second bit 1 and so on.

See Also:

Keywords:X-Defects defects message quality suspicious

Was this article helpful?

Related Articles