Title: Message
Two major Canadian ISPs, and ComCast.net are common enough.  True, true, it is far more common for dial-up type accounts to spam through proxies, open relays, or directly to their recipients, but it does happen, and too often.  It used to be common, but ISPs have generally wised up and spammers are probably finding that the ISPs can follow the money trail to take them to court.
 
ISPs are also getting their mail servers blacklisted because of stupid bounces due to their lack of virus filtering or their lack of virus filtering that understands that the from address ain't necessarily the whole truth.  Doubly stupid when they bounce the whole virus message instead of just a snippet.  It was very bad with SoBig.F, but I'm still seeing the same thing with DumaRu and Swen.
 
Frankly I consider that since that tide has turned, it would be an excellent counterweight if Declude could tell that a customer of an ISP used the ISP's mail server. 
 
Andrew 8)
-----Original Message-----
From: Andy Schmidt [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2003 10:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Understanding Return Codes

>> ISP mail servers that get used by spammers <<
 
Uhuh - so?  Which ISP is permitting/tolerating/mis-configuring their servers to be abused in that way?
 
I have seen very FEW spammers that MX mail from their "own" mail servers (as they would be shut down and/or blocked too easily). Nearly everyone is using proxies, open relays or otherwise hijacked machines - and the smaller ones use consumer broadband accounts.

Best Regards
Andy Schmidt

H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:    +1 201 934-9206

http://www.HM-Software.com/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Wednesday, September 24, 2003 12:47 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Understanding Return Codes

(sigh) Again I'm the voice of dissent... I find that CBL merits no higher than a weight of 5 out of my HOLD weight of 20.  I find that it includes a lot of ISP mail servers that get used by spammers.  They do seem to work at removing them, but meanwhile, it's throwing the baby out with the bath water.  I'm sure glad that Declude gives me a weighted system to work with.
 
Andrew 8)
-----Original Message-----
From: Matthew Bramble [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 9:23 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Understanding Return Codes

Maybe it was just down on the day I tested it...

I like pure spamtrap RBL's because clean ones have no false positives.  CBL is a good one to add if you haven't checked it out, and it produces a lot of hits (with no FP's in a week of monitoring).



Bill Landry wrote:
----- Original Message ----- 
From: "Matthew Bramble" <[EMAIL PROTECTED]>

  
Maybe other "unlisted" entries reflect similar circumstances
(not available under normal circumstances)?
    

All of the DNSBLs (ip4r) and RHSBLs listed on the Declude spam databases
site (http://www.declude.com/Junkmail/support/ip4r.htm) are publicly
accessible, unless it has been noted otherwise in the comments (e.g., MAPS
tests).  The "SBBL" spam database can be accessed by using:

    SBBL    ip4r    sbbl.they.com    *    3    0

So far today I have flagged over 900 messages as spam using the SBBL test.

Bill
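
The weighting discussed in this thread, as an added example that is not part of any poster's message and is not Declude's own code: it parses test lines laid out like the SBBL line above, builds the reversed-octet ip4r query name, and sums weights against a HOLD weight of 20. Assumptions: the last two columns are read as weight when listed and weight when not listed, the CBL zone `cbl.example` is a placeholder, and the DNS answers are constructed so the block runs offline.

```python
import ipaddress

# Layout assumed from the SBBL line in the thread:
# NAME  TYPE  ZONE  RETURN-CODE  WEIGHT-IF-LISTED  WEIGHT-IF-NOT-LISTED
# SBBL line is from the thread; the CBL zone is a placeholder, its weight 5
# and the HOLD weight 20 are the values quoted in the thread.
CONFIG = """
SBBL    ip4r    sbbl.they.com    *    3    0
CBL     ip4r    cbl.example      *    5    0
"""
HOLD_WEIGHT = 20

def parse_tests(text):
    """Return (name, zone, return_code, hit_weight, miss_weight) per ip4r line."""
    tests = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[1] != "ip4r":
            continue  # skip blanks and other test types
        name, _, zone, code, hit, miss = fields
        tests.append((name, zone, code, int(hit), int(miss)))
    return tests

def ip4r_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def score(ip, tests, resolve):
    """resolve(name) returns the A record as a string, or None when unlisted."""
    total, failed = 0, []
    for name, zone, code, hit, miss in tests:
        answer = resolve(ip4r_name(ip, zone))
        # "*" accepts any return code; otherwise the answer must match exactly
        listed = answer is not None and (code == "*" or answer == code)
        total += hit if listed else miss
        if listed:
            failed.append(name)
    return total, failed

# Constructed DNS answers for a documentation-range address (not real listings)
SAMPLE_DNS = {
    "10.2.0.192.sbbl.they.com": "127.0.0.2",
    "10.2.0.192.cbl.example": "127.0.0.2",
}

def demo():
    total, failed = score("192.0.2.10", parse_tests(CONFIG), SAMPLE_DNS.get)
    return total, failed, total >= HOLD_WEIGHT  # (8, ['SBBL', 'CBL'], False)
```

With these weights, a sender listed on both tests scores 8 and stays under the hold threshold, so the listings only tip the balance when other tests also fail.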
  
