OT - J B Hunt

Phil Payne Thu, 22 Jun 2006 13:10:37 -0700

> Except  that he said that he forwarded it...not replied to it...and 
> jbhunt.com is  a valid
company dns entry for the J. B. Hunt trucking  firm.


Indeed.  I _can_ -  though some will find it hard to believe - spot devious 
emails.  This was
a genuine one.  Having been on global networks since I was a Fidonet node, my 
email
address(es) are well known to the spammers and I get an average of 180 spam 
emails a day.  The
system is pretty efficient - my only outstanding problem is what I'm now 
calling "jigsaw
GIFs" - people sending documents (usually penny stock spam) by digitising their 
crap in a
patchwork of GIFs with innocuous names and wrapping them in HTML to reassemble 
them as a page
image.

E.g. (from a couple of minutes ago):

Content analysis details:   (25.6 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.5 PLING_QUERY            Subject has exclamation mark and question mark
 2.0 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received: date
 0.2 HTML_TAG_BALANCE_BODY  BODY: HTML has unbalanced "body" tags
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see <http://www.spamcop.net/bl.shtml?12.34.255.98>]
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [12.34.255.98 listed in sbl-xbl.spamhaus.org]
 4.1 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: rudderkh.com]
 4.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: rudderkh.com]
 2.5 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 4.1 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
-1.2 AWL                    AWL: From: address is in the auto white-list

This catches all the phishing and pretty much all of the "meds" and 
"refinancing" stuff.

-- 
  Phil Payne
  http://www.isham-research.co.uk
  +44 7833 654 800

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

OT - J B Hunt

Reply via email to