Re: [Declude.JunkMail] BONDEDSENDER, spam hit on Virtumundo

[Matt]

Orin, I found a total of 8 bonded messages from Virtumundo in my capture accounts in the last 5 days (all to the same user).  It's likely that some others were passed, or even deleted considering, so the total was probably 12-16 messages from this one source to this one user in all (passed entries were missed for two days).  Those IP's are as follows: vl208-45.vmlocal.com [216.21.208.45] - Turn the email on your screen into a fax in their hand. vl208-44.vmlocal.com [216.21.208.44] - Make your windows as pretty as the view. vl208-52.vmlocal.com [216.21.208.52] - Too many shoes? Never heard of such a thing. vl208-54.vmlocal.com [216.21.208.54] - Get help, and get out of debt. vl208-67.vmlocal.com [216.21.208.67] - Answer all questions with a DNA test. vl208-75.vmlocal.com [216.21.208.75] - When it comes to refinancing, there really is no time like the present. vm208-78.adknow-net.com [216.21.208.78] - Low interest credit cards to get you back on your feet. vm208-66.adknow-net.com [216.21.208.66] - Need student loan consolidation? There's two things to note here; 1) the first 6 were held because I have a filter from Kami that tracked the REVDNS entry, but not the last two, 2) these are posted in order of being received, and they clearly were moving up their list of IP's in order to avoid detection, and then they changed their reverse DNS name as well (which worked in totality when bonded on my system). My point really is that if Bonded Sender really cared about "guaranteed legitimate E-mail", they would have done 10 minutes of due diligence and figured out what Virtumundo really was before ever listing them in the first place.  The Bonded Sender site in fact reads like a brochure for bulk-mailers talking about how many systems they are whitelisted on, but they then turn around and protect companies like Virtumundo, either by design, or by a lack of quality control.  Either way, they need to seriously rethink their business strategy because if they keep slipping up like this, they won't be able to claim any value to their paying customers. Personally, I feel like I was scammed.  No big deal, it was easy enough to fix.  I might suggest that some consideration be made to Declude's default inclusion and/or weighting of this test (scored at -20 currently). Matt Orin Wells wrote: Forgive me if this has been addressed before, but I would like to hear from Cyan what the policy and procedures are for de-listing a Bonded Sender when it is apparent they have disseminated spam. If I were running the show I would not only de-list them immediately, but I would bar the company from ever re-gaining certification under any name. Of course it has to be investigated to make sure the origin had not been spoofed to protect the innocent from false spamming charges. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================