RE: [Declude.JunkMail] Can someone help me get this blocked?
Title: Message Hi; Some of the lessons learned ... 1: BASE64: We have any email coming with BASE64 as HOLD - simply the weight is enough to put the emial on hold.- In your case this email would be a HOLD. We hardly see any legitimate email with BASE64. 2: We have a FROMFILTER list that includes all the free emails (except hotmail yahoo.com). These get an additional weight of 5. In your case this email coming from Lycos would have had an additional weight of 5. 3: You can simply add to your FROMFILE the beginning of that email address: salestoday e.g. HEADERS5 CONTAINS salestoday this will catch that text in the header. I wish we had wildcards in the FROM filter but we don't. For now searching the header with that name will do the same. In your case this would have definitely caught the mail since the salestoday can hardly be considered coming from a legit address. An additional weight of 10 to this text would solve your problem. With any of these additions you can easily elevate this email. One idea that has worked great for us is the separation of all filters in separate files. This way we have more freedom in changing weight and figuring out what is going on. e.g. FILTER-HEADERfilterd:\IMail\Declude\IMail_Filter_Header.txtx00FILTER-MAILFROMfilterd:\IMail\Declude\IMail_Filter_MailFrom.txtx00FILTER-BODYfilterd:\IMail\Declude\IMail_Filter_TextinBody.txtx00FILTER-SUBJECTfilterd:\IMail\Declude\IMail_Filter_TextinSubject.txtx00FILTER-BODYURLfilterd:\IMail\Declude\IMail_Filter_URLinBody.txtx00FILTER-BODYPHONEfilterd:\IMail\Declude\IMail_Filter_PhoneinBody.txtx00FILTER-IPINBODYfilterD:\IMail\Declude\IMail_Filter_IPinBody.txtx300 FILTER-BODY-BLACKLISTfilterd:\IMail\Declude\IMail_Filter_BlacklistinBody.txtx200FILTER-HEADER-BLACKLISTfilterd:\IMail\Declude\IMail_Filter_BlacklistinHeader.txtx200FILTER-BODY-FREEEMAILfilterd:\IMail\Declude\IMail_Filter_FreeeMailinBody.txtx50 We simply have a different file for each filter type. Hope this helps.. Regards, Kami -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc CatuognoSent: Sunday, February 23, 2003 11:26 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Can someone help me get this blocked? These of e-mails have been flooding my hold folder. Im running Declude pro. I have a delete weight of 40 and a hold weight of 30. All this spam has been right between. Is there something I can add to either bump up this weight by about 7 or is there something unique in here that I can filter upon that I dont see? It has been coming from random IPs and the sender has been salestoday(random crap)lycos. I was thinking of bouncing anything from lycos but this will result in many bounced messages that wont get delivered. And Im not sure I just want to delete anything from lycos. Any suggestions would be greatly appreciated. Marc Received: from lycos.com [200.131.216.16] by mail.prudentialrand.com (SMTPD32-7.13) id AD41C450058; Sat, 22 Feb 2003 16:36:01 -0500 Received: from 169.142.51.247 ([169.142.51.247]) by n1.groups.yahoo.com with QMQP; Sat, 22 Feb 2003 05:45:22 - Message-ID: [EMAIL PROTECTED] From: "This information will help." [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM]ADV:Need help with Marketing your Web Site? Date: Sat, 22 Feb 2003 01:49:54 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_00V8_70Y81A1B.C1122G33" X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?200.131.216.16 X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [a040010f]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.131.216.16 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [a040010f]. X-RBL-Warning: WEIGHT25: Weight of 33 reaches or exceeds the limit of 25. X-Declude-Sender: [EMAIL PROTECTED] [200.131.216.16] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, NOPOSTMASTER, BADHEADERS, BASE64, IPNOTINMX, REVDNS, ROUTING, WEIGHT10, WEIGHT20, WEIGHT15, WEIGHT25, WEIGHT30 --=_NextPart_000_00V8_70Y81A1B.C1122G33
RE: [Declude.JunkMail] Can someone help me get this blocked?
Title: Message Hi again... I just realized that I forgot to mention: MAILFROM 20 CONTAINSsalestoday in your filter file will also add a weight to the email. Regards, Kami -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc CatuognoSent: Sunday, February 23, 2003 11:26 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Can someone help me get this blocked? These of e-mails have been flooding my hold folder. Im running Declude pro. I have a delete weight of 40 and a hold weight of 30. All this spam has been right between. Is there something I can add to either bump up this weight by about 7 or is there something unique in here that I can filter upon that I dont see? It has been coming from random IPs and the sender has been salestoday(random crap)lycos. I was thinking of bouncing anything from lycos but this will result in many bounced messages that wont get delivered. And Im not sure I just want to delete anything from lycos. Any suggestions would be greatly appreciated. Marc Received: from lycos.com [200.131.216.16] by mail.prudentialrand.com (SMTPD32-7.13) id AD41C450058; Sat, 22 Feb 2003 16:36:01 -0500 Received: from 169.142.51.247 ([169.142.51.247]) by n1.groups.yahoo.com with QMQP; Sat, 22 Feb 2003 05:45:22 - Message-ID: [EMAIL PROTECTED] From: "This information will help." [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM]ADV:Need help with Marketing your Web Site? Date: Sat, 22 Feb 2003 01:49:54 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_00V8_70Y81A1B.C1122G33" X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?200.131.216.16 X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [a040010f]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.131.216.16 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [a040010f]. X-RBL-Warning: WEIGHT25: Weight of 33 reaches or exceeds the limit of 25. X-Declude-Sender: [EMAIL PROTECTED] [200.131.216.16] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, NOPOSTMASTER, BADHEADERS, BASE64, IPNOTINMX, REVDNS, ROUTING, WEIGHT10, WEIGHT20, WEIGHT15, WEIGHT25, WEIGHT30 --=_NextPart_000_00V8_70Y81A1B.C1122G33
RE: [Declude.JunkMail] Can someone help me get this blocked?
Title: Message Kami, Thanks. The e-mail was already being held and Ive upped the weight of the base 64 from 4 to 8. Ive also added a filter file with some of the test you have suggested. I think you have saved me from having to review about 100 e-mails a day from this jerk. Thanks for this solution and your quick reply on a Sunday! Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Sunday, February 23, 2003 12:04 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Can someone help me get this blocked? Hi again... I just realized that I forgot to mention: MAILFROM 20 CONTAINSsalestoday in your filter file will also add a weight to the email. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc Catuogno Sent: Sunday, February 23, 2003 11:26 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Can someone help me get this blocked? These of e-mails have been flooding my hold folder. Im running Declude pro. I have a delete weight of 40 and a hold weight of 30. All this spam has been right between. Is there something I can add to either bump up this weight by about 7 or is there something unique in here that I can filter upon that I dont see? It has been coming from random IPs and the sender has been salestoday(random crap)lycos. I was thinking of bouncing anything from lycos but this will result in many bounced messages that wont get delivered. And Im not sure I just want to delete anything from lycos. Any suggestions would be greatly appreciated. Marc Received: from lycos.com [200.131.216.16] by mail.prudentialrand.com (SMTPD32-7.13) id AD41C450058; Sat, 22 Feb 2003 16:36:01 -0500 Received: from 169.142.51.247 ([169.142.51.247]) by n1.groups.yahoo.com with QMQP; Sat, 22 Feb 2003 05:45:22 - Message-ID: [EMAIL PROTECTED] From: This information will help. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM]ADV:Need help with Marketing your Web Site? Date: Sat, 22 Feb 2003 01:49:54 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_00V8_70Y81A1B.C1122G33 X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?200.131.216.16 X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [a040010f]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.131.216.16 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [a040010f]. X-RBL-Warning: WEIGHT25: Weight of 33 reaches or exceeds the limit of 25. X-Declude-Sender: [EMAIL PROTECTED] [200.131.216.16] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, NOPOSTMASTER, BADHEADERS, BASE64, IPNOTINMX, REVDNS, ROUTING, WEIGHT10, WEIGHT20, WEIGHT15, WEIGHT25, WEIGHT30 --=_NextPart_000_00V8_70Y81A1B.C1122G33