I got this one:
Hi! Just to inform you that your email is used by a spamer who
intendsto steal bank account information thru a fake site. If
you are not involded, I can bring you additionnal information. Check
attached file for a proof. If you are, you're a little son of a
bitch.
--
Hi, John-
Thanks.
The address belongs to Comcast and is assigned to Hattiesburg-Laurel, MS.
Please send a complaint to [EMAIL PROTECTED]
-d
- Original Message -
From: "John Carter" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, February 28, 2006 10:17 PM
Subject: [Declude.JunkMail] ?? Sta
Starting to catch EXE attached messages with following subject lines coming (at
least currently) MESWILLEY.org [68.63.231.44].
You steal from innocent people
You are a criminal and will be busted!
Phshing is illigal
Where did you learn to scam?
John C
9:15p CST
---
This E-mail c
I downloaded it from the Declude site last week and it's running just fine.
Wolf
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler
Sent: Tuesday, February 28, 2006 5:14 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] 3.06
Only after I submitted an issue to Tech Support. No release notes for it
either...
I am running it.
- Original Message -
From: "Robert Grosshandler" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, February 28, 2006 4:14 PM
Subject: [Declude.JunkMail] 3.06
I haven't received notification of
Here's what I use to target DUL space:
SORBS-DUHL IP4R dnsbl.sorbs.net 127.0.0.10 0 0
NJABL-DYNABLOCK IP4R dynablock.njabl.org 127.0.0.3 0 0
NJABL-DUL IP4R dnsbl.njabl.org 127.0.0.3 0 0
MAILPOLICE-HELO dnsbl %HELO%.dynamic.rhs.mailpolice.com 127.0.0.2 0 0
MAILPOLICE-REVDNS dnsbl %REVDNS%.dynamic
In looking through my DNS tests I see only the following two to be
obviously checks on the DUL space
NJABL-DUL
SORBS-DUHL
Are there other DNS tests that would also indicate that it came from the
DUL space?
Thanx
Goran Jovanovic
Omega Network Solutions
---
This E-mail came from the Declude.JunkM
They kept that one quiet. I wasn't aware of any problems with 3.0.5.26, and
this is the first mention I've seen of 3.0.6, on this list or anywhere else.
I guess I need to check Declude's upgrade section on a daily basis to see when
they've snuck out a new release, since this information isn't a
I haven't received notification of 3.06. Did others receive a notice that
it was available?
Rob
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe
Title: Message
Are you utilizing
smartermail as your mail server?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand
Sent: Tuesday, February 28, 2006
12:10 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail]
Damaged Image Files
Title: Message
There is also a longstanding bug in at least Declude Virus that has
issues with very long base64 encoding. I have seen no reports that
this was fixed. I am wondering in this case whether or not the bug is
now being exploited by spammers also.
Matt
Jay Sudowski - Handy Netwo
Gary, you should upgrade to 3.0.6, which has been out for about a week now,
as 3.0.5.26 had serious problems with handling certain kinds of mime
encapsulate messages. We actually had to roll back to 3.0.5.23 after
reporting the issues with 3.0.5.26 to Declude. Version 3.0.6 fixed this
issue.
Title: Message
We had an issue with
Declude “corrupting” images from SmarterStats long ago. It turned
out the SmarterStats wasn’t inserting line breaks in their images, and
thus single lines were going out past 8,000 characters, at which point Declude
truncated the line. I wouldn’t be sur
Title: Message
Interesting. As Matt, said, if you can get an
original D*.SMD that would be great for following this
trail.
I would note that in addition, use the headers that were
received to track the sending IP and time, and check your IMail log, and from
there you will have the GUID fo
Title: Message
Erik,
I don't doubt the possibility of a bug causing the scanning of such a
message to fail, but there is a possibility of this also just simply
being a spam that passed, and a failure to insert the headers in the
correct place. It would be great if you guys could supply the fu
I received a couple with the broken gif as late as yesterday. The Declude
headers end up at the bottom of the message, but they are there. I'm running
Declude 3.0.5.26 and SmarterMail 2.6.
Gary
Original Message
> From: "Erik" <[EMAIL PROTECTED]>
> Sent: Tuesday, February 2
Title: Message
Yes,
they are passing SNIFFER and Darrell's INV-URIBL at this time. But what
Evans wrote is true. Either this "spammer" has corrected "his" image.. the
fact remains that in the past when it was a corrupted; Declude failed in our
version.
-Original Message-From:
Title: Message
Ditto.
I've received and held 24 messages with the same
title. Re-queuing 3 of these to myself, they had an image that was
intact.
They fail the usual RBL tests plus Message
Sniffer.
Andrew 8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of H
Title: Message
Matt,
I do not have any more of these emails that were sent to our abuse
address. We noticed this about 3 weeks ago. And what Evans wrote is
true; based on our versions and the emails received. This is an embedded
image that is damaged (where only 1/2 of the image displays)
Title: Message
Would you be willing to post the full contents of one of the D* files
and also indicate the version that you are running. This is for my own
interest, but I think it might be beneficial to others. It would also
be useful to see what was logged for this message. It may be that
Title: Message
Judgement is quick to pass for some around
here.
These are getting caught by my system
X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4],
HELOBOGUS [3], SNIFFER [13]
Harry Vanderzand inTown Internet & Computer Services 519-741-1222
From: [EMAIL PROTECTED]
[
Title: Message
The problem that we've seen this
"spammer" is that the image is corrupted as you mentioned... and Declude is
exiting; thus why it's being allowed to be delivered. "Smart" coding on the
spammer... Not so smart on Declude.
-Erik
-Original Message-From:
[EMAIL
We’re getting
the same. Also using Declude with smartermail. Because Declude doesn’t
appear to be scanning the headers there is no way for us to stop them.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin
Sent: Tuesday, February 28, 2006
12:3
Title: Message
At the moment, I'm using SAV corporate on
the Imail spool directory only. It picks up almost everything, but once in a
while something slips through, so it's not perfect. I'll be switching to Declude
AV shortly.
-d
- Original Message -
From:
Kevin Bilbee
2 other tactics against these:
1. Spamdomain test. A verizon.com from address is unlikely to come from a
wanadoo.fr reverse dns.
Spamdomains will have some false positive consequences...
2. Reverse DNS Filters. I'd consider a reverse dns with a cable or -dsl-
in it to be suspicious and w
Thanks, will look at blackholes.us.
My real problem is time. I've written a program and spreadsheet that
extracts the domains and IP's of delivered messages and shows the unique
IP's and how many messages came from them. But when I spend time
cross-checking with SenderBase and ARIN, I can spend
Hi John,
What is my best bet - jack up
the score a number of points for any mail coming from 86 & 87? Many of the
messages hardly trip any of the regular tests.
Wouldn't hurt - use blackholes.us and maybe score 40% of your hold
weight? I would say though blocking a /8 is not a good idea.
Hi Goran,
The keyword "Date: Date:" appears twice.
Best Regards
Mike Higgins
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive
interbusiness.it is actually Telecom Italia, that domain is used for
almost all customers reverse DNS including Dial-Up (not sure), ADSL,
E1 lines, even if customers have their own dns for domain resolution.
I.E:
www.example.it resolves in86.111.222.333
86.111.222.333resolves in
host33
29 matches
Mail list logo