=20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Do I then need to do a reverse lookup test and reject on all messages?
Also, most of the stuff seems to be coming from the domain below:
Asking i.root-servers.net for 154.1.161.80.in-addr.arpa PTR record: =20
i.root-servers.net says to go to AUTH62.NS.UU.NET. (zone:
80.in-addr.arpa.)
Asking AUTH62.NS.UU.NET. for 154.1.161.80.in-addr.arpa PTR record: =20
auth62.ns.uu.net says to go to ns4.tele.dk. (zone:
161.80.in-addr.arpa.)
Asking ns4.tele.dk. for 154.1.161.80.in-addr.arpa PTR record: =20
ns4.tele.dk says to go to auth02.ns.tele.dk. (zone:
1.161.80.in-addr.arpa.)
Asking auth02.ns.tele.dk. for 154.1.161.80.in-addr.arpa PTR record:
Reports 0x50a1019a.odnxx7.adsl-dhcp.tele.dk.
Answer:
80.161.1.154 PTR record: 0x50a1019a.odnxx7.adsl-dhcp.tele.dk. [TTL
43200s] [A=3D80.161.1.154]
- -----Original Message-----
From: Len Conrad [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 22, 2003 10:05 AM
To: [EMAIL PROTECTED]
Subject: [IMGate] Re: New Spam Source
>This will work for that host, but I have now received this same message
>from 10 different hosts!
if you use the PTR hostname interbusiness.it, then that blocks all of
that=20
ISP of which there is a huge number of spammers.
>And they seem to keep coming. The common
>denominator is the fax number at the bottom of the message. I suppose I
>could put that in a body check?
that would do it, it they fax number has not been obscured by some
hidden=20
characters inside the number. The problem with scanning for the fax
number=20
is that it is not anchored to the start of line, so you have to scan
every=20
byte of every message to catch a few messages. Content-scanning is very=20
inefficient, and mostly a waste of time.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPnyQw3EdOYXBB80+EQLK0wCfcDGdXGxRQEC+XsSg1DVE6NibNoAAoMIn
y8XVwRbwTX/gtX4vicAerlGj
=3DV12S
-----END PGP SIGNATURE-----
