Re: Additional SPAM recognition method

2005-05-26 Thread List Mail User
... Just to clarify, since Paul seems to have misunderstood, I have nothing to do with administering slashdot.org or any of the other domains I listed. Those were just examples. I'm not connected with them, and they mostly have nothing to do with each other as well. And I don't think

Re: Additional SPAM recognition method

2005-05-24 Thread Jeff Chan
On Monday, May 23, 2005, 5:20:10 PM, List User wrote: A similar idea, without the back-channel flaw is to test the domain for either 'CNAME' or 'A' record `wildcards' (as in the command dig '*.spammer_domain.tld' a and dig '*.spammer_domain.tld' cname). This is an excellent spam sign

Re: Additional SPAM recognition method

2005-05-24 Thread Jeff Chan
On Monday, May 23, 2005, 4:59:14 PM, Justin Mason wrote: We did actually have an A of domain name test during 3.0.0 development, I think, but dropped it for various reasons: - if a spammer were to use a hostname like jm_at_jmason_dot_org.spamdomain.com, they get a free backchannel to

Re: Additional SPAM recognition method

2005-05-24 Thread Jeff Chan
On Tuesday, May 24, 2005, 2:19:47 AM, List User wrote: Jdow's point about very long chains of subdomains is real - It is too bad that there is not a common syntax for allow anything 1 or N levels deep, just the allow anything case. Is there an SA rule to detect URIs that have ridiculously

Re: Additional SPAM Recognition Method

2005-05-24 Thread evan
Someone else posted this sample to the list concerning a spam they had received and some header problems. Forgive me for stealing the message and adding it to this thread, but using the method I suggested earlier is quite effective. Test output: PASS 1...mfcpjs.mywealthbiz.info Wildcard

Re: Additional SPAM recognition method

2005-05-24 Thread Keith Ivey
List Mail User wrote: Also, just curious, but do you have problems with the forward and reverse DNS of your mail servers not mapping together (ex. mail.dailykos.com maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in particular do you have problems with ISPs like AOL?).

Re: Additional SPAM recognition method

2005-05-24 Thread List Mail User
... List Mail User wrote: Also, just curious, but do you have problems with the forward and reverse DNS of your mail servers not mapping together (ex. mail.dailykos.com maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in particular do you have problems with ISPs

Additional SPAM recognition method

2005-05-23 Thread evan
I'd like to contribute some research I've done on spam that doesn't use traditional Bayes filters or other scoring methods nor traditional DNS BLs. It's either spam or it's not, but I'd like to see this technique in SpamAssassin, possibly with really high scores for things that this method says are

Re: Additional SPAM recognition method

2005-05-23 Thread Theo Van Dinter
On Mon, May 23, 2005 at 06:45:12PM -0500, [EMAIL PROTECTED] wrote: Here's the algorithm: 1 Decode any URL-encoding in the message 2 Un-MIME the message Wrong order? 3 Scan all parts of the message for URLs and email addresses (this can be links, IMG tags, mailto:'s, or even just

Re: Additional SPAM recognition method

2005-05-23 Thread Justin Mason
Theo Van Dinter writes: On Mon, May 23, 2005 at 06:45:12PM -0500, [EMAIL PROTECTED] wrote: Here's the algorithm: 1 Decode any URL-encoding in the message 2 Un-MIME the message Wrong order? 3 Scan all parts of the message for

Re: Additional SPAM recognition method

2005-05-23 Thread evan
Quoting Justin Mason [EMAIL PROTECTED]: - if a spammer were to use a hostname like jm_at_jmason_dot_org.spamdomain.com, they get a free backchannel to verify that I was (a) using SpamAssassin to filter to my mail, and (b) that that address is valid. So blindly resolving the full

Re: Additional SPAM recognition method

2005-05-23 Thread evan
Quoting Justin Mason [EMAIL PROTECTED]: A similar idea, without the back-channel flaw is to test the domain for either 'CNAME' or 'A' record `wildcards' (as in the command dig '*.spammer_domain.tld' a and dig '*.spammer_domain.tld' cname). This is an excellent spam sign (the host

Re: Additional SPAM recognition method

2005-05-23 Thread Keith Ivey
List Mail User wrote: Legitimate domains will use wildcards for 'NS', 'MX' and even occasionally for some more obscure records, but an 'A' or 'CNAME' record is nearly always a spammer. Do you have any statistics for that? I administer plenty of domains that have wildcard A records, and I'm