I guess this qualifies as things that make you go h...
http://www.mailserveruser.com/email_deployment.html
Regards,
Kami
You mean H this company is
using zombies
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Kami Razvan
Sent: Tuesday, January 20, 2004
7:19 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail]
Interesting concept..
I guess this qualifies
Guess they have 60,000 very very greedy
individuals. Of course they also have probably 60,000 people violating their
Terms of Service so when I report them through SpamCop they are likely to lose
their DSL / Cable line if they have a respectable ISP.
http://www.virtualmda.com/
--Joshua
It's a very good way for them to get around IP blacklists.
I wonder how the headers look. Pretty much legit, I would guess.
Content is king!
Now if only I could remember who said that
I could have been _M, but it wasn't.
-Dave Doherty
Skywaves, Inc.
- Original Message -
Yeah, those are definitely tripped out zombie machines.
But I'm impressed how they really try to be "polite" when talking to our mail servers!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marc catuogno
Sent: Tuesday,
I've collected some information about this "concept":
On http://www.virtualmda.com/services.htm is a "how it works" for their client called "VirtualMDA"
This about the revenues for VirtualMDA users: "2. Payment. Upon completing the registration procedure, you will be given a unique
Just caught this one looking through the helds. I can only imagine how many
people would click through this and open whatever it is they are trying to
give you.
Received: from hvebm [62.194.139.167] by mail.prudentialrand.com
(SMTPD32-7.15) id AEB556A00A2; Mon, 19 Jan 2004 18:56:37 -0500
http://www.pandasoftware.com/support/card.aspx?idSolucion=idProducto=idNe
cesitoAyuda=idDeseo=id=1576IdIdioma=2
Above link might wrap
~Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of marc catuogno
Sent: Tuesday, January 20, 2004 8:19 AM
To:
Received: from ameritech.net [68.72.160.189] by mail.prudentialrand.com
(SMTPD32-7.15) id A4E6AF20096; Sun, 18 Jan 2004 19:29:26 -0500
Received: from adsl-68-72-160-189.dsl.chcgil.ameritech.net
(adsl-68-72-160-189.dsl.chcgil.ameritech.net [68.72.160.189])
by ameritech.net
I have literally received hundreds of these and sent a couple of samples to
US Bank.
Their response:
We appreciate your attention in reporting a suspicious email that you
received. U.S. Bank would never distribute an unsolicited mail requesting
confidential information from our
I am currently using the per user setting on some of my users. I have a
question before I go any further with creating the personal .junkmail files.
If I have tests 1,2,3,4 defined in my Global.Cfg file and I have only test
1,2 defined in my user.junkmail file am I correct to say that it will
Throw the following in an ipfile filter and it should take care of the
problem :)
63.254.68.0/22 Virtumundo/vmlocal.com/adknow-net.com (Spam House) [63.254.68.0 - 63.254.71.255] 01/17/2003
65.164.176.192/26 Virtumundo/vmlocal.com/adknow-net.com (Spam House) [65.164.176.192 - 65.164.176.255]
Kami,
Maybe you already know this but just in case you or others don't,
mailserveruser.com is a domain that belongs to Green Horse Corporation (aka
atriks.com). There is quite a list of domains (60+?) that this group of scum
own. I made a filter looking for those domains in the body of the email
Funny how these companies have 100 different names :) I think I've
shared these before, but here's some lines that work on Green Horse
Corporation:
NOTE: replace $ with a dot (changed not to trip some filters).
# Green Horse Corporation (SBL12495)
BODY 28 CONTAINS /img/c$0/
BODY
Marc,
Would you share your filter? Save me some efforts!
Thanks
-Nick
From: Marc Hilliker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Interesting concept..
Date sent: Tue, 20 Jan 2004
The following filters were updated, however they can only be used with
Declude JunkMail Pro v1.77i7+. Using them with previous versions of
JunkMail Pro can result in disabling the filters completely.
OBFUSCATION v2.1.0
Contains new strings to detect extra zeros in HTML encoding.
Hi;
Can a domain name have underscore in it?
If not then we should really be in a position not to accept email from domain names that are invalid...
A test that checks for such validity would be great considering we can NOT filter on the domain name alone.
Please_don'[EMAIL PROTECTED]
Kami,
That's not valid. I've also seen some from jsmith@ which I
believe is invalid as well.
To my knowledge, domain names can only have a hyphen or alphanumeric
characters. I believe that they can't begin with a hyphen either.
They also can't be shorter than two characters except for x.com
Hi Matt:
Mailfrom? How?
Emails can contain underscore.. we can not filter on the domain only.. or
can we?
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, January 20, 2004 1:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Underscore in
I don't think Mailfrom can do it because parsing is limited.
In Message Sniffer I can code
@$+\_$+\.com
...which means any underscore bounded by any number of letters between an
@ and a dotcom.
I want to research a bit more before pulling the trigger on this but it
looks like a good rule.
I will
I was actually talking about the built in technical test in Declude
that checks for a legitimate domain name, MAILFROM. I just checked and
in fact an empty domain following the @ will trigger MAILFROM, which is
good. I would imagine that the same test should detect the underscore
since these
Underscores can be valid but they were made an
acceptable character because of SRV records. Still someone could have a
mailserver with an _ in the domain. (I think anyway.)
http://www.faqs.org/rfcs/rfc2782.html
--Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc.
Information
My company currently uses Declude JunkMail AntiVirus and we're starting a
new project that will require similar software. I was wondering if anyone
on here has used other email filtering software that you gave up in favor of
Declude, and if so, why?
Spencer Salva
Systems Analyst
Solimar
Yes. Imail! Go with Declude, you won't be sorry.
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Spencer Salva
Sent: Tuesday, January 20, 2004 4:01
I just came across the following block:
129.250.156.0/24
This belongs to iVillage, and it includes Astrology.com as well as spam
sources webstakes.com and twnailsvc.com. Webstakes.com has a different
postal address from iVillage, but twnailsvc.com is registered to the
same exact address.
Hello all,
If you get a Paypal phish, you should immediately report it to Paypal.
Let me know if you need assistance in finding the right e-mail address
to send it to. Please report abuse related to Bonded IP addresses to
[EMAIL PROTECTED]
All of these complaints go directly to me. They will
They're at least a self-inflicted nuisance, but I don't know if they're
spammers. I lump e-mail advertising their websites in the same category and
weighting as geocities.com and angelfire.com ... but I can do that because
we're not an ISP.
Andrew.
-Original Message-
From: Matt
I haven't found a good comparison on the web between SFU (was Interix) and
CygWin, but there are lots of snippets. Here's one good one that is a thread
responding to an announcement of SFU back at v3.0 :
http://www.entmag.com/news/article.asp?EditorialsID=6047
If all you're wanting is to get
Well I've got 3.0 here.. Haven't given it much use yet.. From what I
understand it will support about 2000 UNIX api's, about 350 command line
utils, c-shell, etc. It's not an emulation layer so, hopefully it won't
gobble up the ram. Would be a neat way to make w2k more useful without the
mega
I would like to run SPAMD on W2k/XP/2003 instead of Linux in the
long run
You should give CygWin a try and assess the results first, I'd think.
--Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems,
They have serious problems getting through regardless of my actions.
Even crediting them 100% of my hold weight, the last hit on them came
through 60% above my hold weight due to extensive RBL listings and Sniffer.
I looked through 10 pages of abuse reports on Google and it appears that
they