Another good reason to never whitelist "From" addresses. Use the weighting system, it is much better suited to handle these kinds of issues.
Bill ----- Original Message ----- From: "Pete McNeil" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 17, 2003 12:15 PM Subject: [Declude.JunkMail] Watch out for your white lists... > We have observed a marked rise in email probes testing common white-list > strategies. In particular these seem to be targeted to amazon, paypal, > and ebay. > > The probes are designed to exploit complex white rules that are used to > prevent legitimate content from these providers from being captured by > spam rules. > > We believe that what will follow is a rash of scam messages designed to > extract personal information from users of these services. > > These probes are _not_ casual/typica... they are well thought out and > appear to be part of a very serious effort. All of them use a matched > combination of forged header and message features. > > We have seen this before in small numbers and done with simpler probes. > Both the number and sophistication of the probes are significantly > greater than we are used to seeing. > > We recommend: be on the lookout for these new scam messages to start > arriving, and be prepared to alter/refine your white rule strategies to > compensate. If you have some legitimate messages around from ebay, > amazon, and paypal then you should consider altering your white-list > strategies ahead of time. > > Hope this helps, > _M > > Pete McNeil (Madscientist) > President, MicroNeil Research Corporation > Chief SortMonster, www.SortMonster.com > VOX: 703-406-2016 > FAX: 703-406-2017 > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
