RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust
FYI, we need to have a serious discussion not on a public forum about sharing/posting of filters and such. I am really concerned that spammers can easily get a hold of the information we talk about and use that to get around the very things we are trying to do.

I have mixed feelings about this. On the one hand I agree that some things should be kept as private as possible - and that it might be best not to share those things not on a list but rather more directly. On the other hand, the cryptographer in me is reminded that obscurity is not security - in other words, the best solution is one that works even if everything about it is in the open. If that turns out not to be the case with this, then the solution still needs a lot more work. Any solution that requires secrecy will be some combination of: little benefit, difficult to impossible to deploy, and/or easy to compromise once discovered.

Well, Williams post of his file is a good example. Any (not if I am sure) spammer that may read this list now sees that file and can then insert those keywords and walla!

We are not talking security here, it is more like football plays. You do not want the other side to see what your plays are, lest they can then plan to counter them.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New EU Laws come into force - just for info
http://news.bbc.co.uk/1/hi/technology/3308989.stm
[Declude.JunkMail] revdns weight question
I'm curious as to what others are doing concerning the weight assigned to the revdns test.

How much weight do you assign to your revdns test, as a percentage of your hold or delete limit? Our percentage is currently at 25% (10/40).

Thanks,
Greg
RE: [Declude.JunkMail] revdns weight question
negative rDNS scores 5. No hold or delete. Subject line maker SPAM-VHIGH @ 30+.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of System Administrator
Sent: 11 December 2003 13:01
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] revdns weight question

I'm curious as to what others are doing concerning the weight assigned to the revdns test.

How much weight do you assign to your revdns test, as a percentage of your hold or delete limit? Our percentage is currently at 25% (10/40).

Thanks,
Greg
RE: [Declude.JunkMail] Mail Hanging up
Is there any way to have the gateway server dump the email to my server without having to set in the spool for so long? Also what do most of you have your Maxqueproc set to?

Thanks,
Kris McElroy
[EMAIL PROTECTED]
Chief Technology Officer
Duracom, INC.
www.duracom.net
I am always doing that which I can not do, in order that I may learn how to do it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kris McElroy
Sent: Wednesday, December 10, 2003 5:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Mail Hanging up

I am running Windows DNS and the gateway server is the only machine that access to the DNS server. I also have another Gateway server that has about the same hardware specs, but a whole different set of domains that it happens to every once in a while too.

If I were to upgrade my hardware what would you recommend? I am only using this as a relay server?

Thanks,
Kris McElroy
[EMAIL PROTECTED]
Chief Technology Officer
Duracom, INC.
www.duracom.net
I am always doing that which I can not do, in order that I may learn how to do it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Wednesday, December 10, 2003 4:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Mail Hanging up

I couldn't get the find "12:10 14:" sys1210.txt | find "deliver" /c to work

That will work if you use the sys*.txt log file format. If you use the log*.txt log file format, it will be different (perhaps 12/10/2003 14: instead of 12:10 14:?).

so I ran find "deliver" log1210.txt /c and find "deliver" log1209.txt /c
12-09-03 32,094
12-10-03 19,276 @ 4:15PM

OK, that will show the number of E-mails per day. That will do, although won't be as precise.

Now remember that this is happening once or twice a week. Is this low? high?

That all depends on what is causing it. :) If it is a dictionary attack, that might be considered about average. If it is a user sending out 100,000 E-mails, that may be low or high depending on your user base.

Do I need to up the Processor size?

That, too, will depend on the underlying cause. For example, if it turns out your DNS server is hanging every few days (as all but the most recent versions of BIND 9 on NT would do), simply upgrading BIND or resetting it once a day may be all you need to do.

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
[Declude.JunkMail] Skipping filter if below a limit
Hi;

Is there any way to skip a filter if the starting weight is less than a certain amount?

For example: We are running all of our negative weights at the beginning and do not want to whitelist them since who knows when that email may be used by spammers as a fake return address. BUT.. If an email has a weight of let's say -100 there is no reason to run it through some big filters.

Right now we can skip a filter if the weight is over a certain amount but I don't think we can skip it if it is below a certain amount. or can we?

Regards,
Kami
RE: [Declude.JunkMail] email blocking
This program will log one line for each e-mail received - currently there is no option to log any other way but I will consider options for future versions (like an option to log only whitelisted or blacklisted messages).

If a message is whitelisted (i.e. the program returns a 1) declude automatically passes all spam tests. If a message is blacklisted (i.e. the program returns a 100) declude adds the weight value from the global.config. In the example:

    WAMCHECK externalplus nonzero "c:\IMail\Declude\wamcheck.exe" 10 0

a weight of 10 is added if a message is blacklisted. If you are just using a weight system, you should assign a weight that will always fail (like 20, 30, 100 etc.). Or you can add a line in the .junkfile like this:

    WAMCHECK DELETE

or

    WAMCHECK HOLD

If you are not using Declude Junkmail Pro, add this line to your $default$.junkmail file. If you have junkmail pro and you have a user.junkmail or domain.junkmail file, add the above line to the appropriate file.

Bill

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of andyb
Sent: Wednesday, December 10, 2003 5:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] email blocking

Is there any way to get this to only log hits? It is logging everything now, from what I can see.

I've read the on-line doc, in one place it says it assigns a 1, 100 or a 0 for declude. I'm not sure how it is working with the weighting system... I just need to simply blacklist this one email address to this one user

Thanks
Andy

- Original Message -
From: Bill
To: [EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 5:08 PM
Subject: RE: [Declude.JunkMail] email blocking

Andy,

You may want to take a look at my WAMCHECK program. It is a user level whitelist/blacklist program. Several people have downloaded it and the comments that I have gotten back are positive. Also, ITS FREE.

http://www.wamusa.com/wamcheck

Thanks,
Bill

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of andyb
Sent: Wednesday, December 10, 2003 3:57 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] email blocking

HI,

Is there a way to block email from a specific email address, or only one of my customers?

Thanks,
Andy
RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust
| Any solution that requires secrecy will be some combination of: little
| benefit, difficult to impossible to deploy, and/or easy to compromise
| once discovered.
|
|Well, Williams post of his file is a good example. Any (not if
|I am sure) spammer that may read this list now sees that file
|and can then insert those keywords and walla!

A great example. Keywords for whitelisting are a fragile solution, and an example of something best sent directly rather than on a list IMO. (very tight security required)

On the other hand, a list of IP sources that are whitelisted and the protocols for using/generating that list represent a strong solution that can and should be described openly.

That's the contrast I was trying to draw (not the specifics but the character).

|We are not talking security here, it is more like football
|plays. You do not want the other side to see what your plays
|are, lest they can then plan to counter them.

I suppose I take a stronger position. I consider the stability of open messaging systems a security issue, and I'm used to working in that mode - perhaps that colors my views.

No doubt it's not a good idea to broadcast your plays to the enemy. From my perspective, though, I heavily devalue any play that could be compromising in enemy hands and prefer heavily actions that are of little help to the opposition when exposed.

Just an opinion.

Thanks!
_M
Re: [Declude.JunkMail] Test suggestion request for comments...
Scott, I didn't see any response from you about this test suggestion. I was wondering what your thoughts were on a test like this and if you might consider implementing. If not, I will consider writing an external app to run this kind of test, however, it would be much better if supported by Declude since it already has all of the necessary values to plug into such a test. If I do an external app, I would need to re-run some of the tests Declude has already run (MX and rDNS) in order to retrieve these values.

Bill

- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, December 07, 2003 10:32 AM
Subject: [Declude.JunkMail] Test suggestion request for comments...

Scott, you have probably seen requests like this before, however, I think this would be a great way to support most corporate and some ISP e-mail domains with a negative weight based test:

HELO RDNS domain match -5
HELO RDNS MAILFROM domain match -10
HELO RDNS domain match IPINMX -10 (yes, IP-in-MX)
HELO RDNS MAILFROM domain match IPINMX -15 or ENDALLTESTS

I say domain meaning just the last two segments of the FQHN, that portion that is registered with domain registrar. Since all of these tests are already run by Declude, if a bit of logic could be added to support a test like this, I think it could help us get a lot of legitimate mail delivered with fewer held due to FPs.

Also, if people feel that the last test above is a very good indicator of legitimate e-mail, then if this test is run first (before all other tests), and there is a match with the last test shown above, and there was variable to ENDALLTESTS (and deliver), then this would also cut down on processing requirements.

Thoughts anyone...?

Bill
RE: [Declude.JunkMail] Test suggestion request for comments...
Bill:

Would it not be a more general test if one could AND various test names? So then it would be a grand logic case..

Test1 test2 test3 match -10

That way it can help with a broader set of conditions.

Just a thought..

Kami

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Thursday, December 11, 2003 11:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Test suggestion request for comments...

Scott, I didn't see any response from you about this test suggestion. I was wondering what your thoughts were on a test like this and if you might consider implementing. If not, I will consider writing an external app to run this kind of test, however, it would be much better if supported by Declude since it already has all of the necessary values to plug into such a test. If I do an external app, I would need to re-run some of the tests Declude has already run (MX and rDNS) in order to retrieve these values.

Bill

- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, December 07, 2003 10:32 AM
Subject: [Declude.JunkMail] Test suggestion request for comments...

Scott, you have probably seen requests like this before, however, I think this would be a great way to support most corporate and some ISP e-mail domains with a negative weight based test:

HELO RDNS domain match -5
HELO RDNS MAILFROM domain match -10
HELO RDNS domain match IPINMX -10 (yes, IP-in-MX)
HELO RDNS MAILFROM domain match IPINMX -15 or ENDALLTESTS

I say domain meaning just the last two segments of the FQHN, that portion that is registered with domain registrar. Since all of these tests are already run by Declude, if a bit of logic could be added to support a test like this, I think it could help us get a lot of legitimate mail delivered with fewer held due to FPs.

Also, if people feel that the last test above is a very good indicator of legitimate e-mail, then if this test is run first (before all other tests), and there is a match with the last test shown above, and there was variable to ENDALLTESTS (and deliver), then this would also cut down on processing requirements.

Thoughts anyone...?

Bill
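[Added example, not part of the original posts and not Declude code: the four tiers from Bill's proposal, expressed as AND-ed conditions in the general form Kami suggests. The condition names, the "most specific matching rule wins" behaviour and the sample hosts are assumptions made for this sketch; the weights are the ones in the proposal.]

```python
import ipaddress

# Hypothetical condition names for this sketch; they are not Declude test names.
HELO_RDNS, MAILFROM_RDNS, IPINMX = "HELO_RDNS", "MAILFROM_RDNS", "IPINMX"

# Each rule: (conditions that must ALL be true, weight). Weights from the proposal.
RULES = [
    (frozenset({HELO_RDNS}), -5),
    (frozenset({HELO_RDNS, MAILFROM_RDNS}), -10),
    (frozenset({HELO_RDNS, IPINMX}), -10),
    (frozenset({HELO_RDNS, MAILFROM_RDNS, IPINMX}), -15),
]


def registered_domain(name):
    """Last two labels of a host name or address, as the proposal defines 'domain'.

    Returns None for empty values, the null sender "<>" and IP literals.
    Caveat: under suffixes such as co.uk the last two labels are shared by
    unrelated senders, so this rule would make them all "match".
    """
    if not name:
        return None
    host = name.strip().strip("<>").rsplit("@", 1)[-1]
    host = host.strip("[]").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return None  # HELO given as an address literal carries no domain
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return ".".join(labels[-2:])


def observe(helo, rdns, mailfrom, ip_in_mx):
    """Turn one connection's values into named true/false conditions.

    HELO and MAILFROM are supplied by the sending client; rDNS and the MX
    check come from DNS lookups, so every rule here is anchored on rDNS.
    """
    h, r, m = (registered_domain(x) for x in (helo, rdns, mailfrom))
    return {
        HELO_RDNS: h is not None and h == r,
        MAILFROM_RDNS: m is not None and m == r,
        IPINMX: bool(ip_in_mx),
    }


def evaluate(results, rules=RULES, end_on_full_match=True):
    """Apply the most specific rule whose conditions are all true.

    Returns (weight, end_all_tests). Assumption: tiers are alternatives and
    do not stack; only a match on the largest rule may end further testing.
    """
    true_tests = {name for name, ok in results.items() if ok}
    matched = [(conds, w) for conds, w in rules if conds <= true_tests]
    if not matched:
        return 0, False
    conds, weight = max(matched, key=lambda rule: len(rule[0]))
    largest = max(len(c) for c, _ in rules)
    return weight, end_on_full_match and len(conds) == largest


def score(helo, rdns, mailfrom, ip_in_mx):
    return evaluate(observe(helo, rdns, mailfrom, ip_in_mx))


# Constructed sample connections: (HELO, rDNS, MAIL FROM, sending IP is in MX)
SAMPLES = [
    ("mail.example.com", "mx1.example.com", "bob@example.com", True),
    ("mail.example.com", "mx1.example.com", "bob@other.test", False),
    ("[192.0.2.10]", "mx1.example.com", "bob@example.com", True),
    ("mail.example.com", None, "bob@example.com", True),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", score(*sample))
```
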
Re: [Declude.JunkMail] Test suggestion request for comments...
Possibly, however, I was trying to bring it down to the most basic components of an e-mail: HELO, rDNS, MX, MAILFROM. All other tests are really extraneous to these basic components. I simply felt that if all of these basic components matched, that it would be a pretty good indicator of a legitimate message.

Bill

- Original Message -
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 8:44 AM
Subject: RE: [Declude.JunkMail] Test suggestion request for comments...

Bill:

Would it not be a more general test if one could AND various test names? So then it would be a grand logic case..

Test1 test2 test3 match -10

That way it can help with a broader set of conditions.

Just a thought..

Kami

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Thursday, December 11, 2003 11:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Test suggestion request for comments...

Scott, I didn't see any response from you about this test suggestion. I was wondering what your thoughts were on a test like this and if you might consider implementing. If not, I will consider writing an external app to run this kind of test, however, it would be much better if supported by Declude since it already has all of the necessary values to plug into such a test. If I do an external app, I would need to re-run some of the tests Declude has already run (MX and rDNS) in order to retrieve these values.

Bill

- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, December 07, 2003 10:32 AM
Subject: [Declude.JunkMail] Test suggestion request for comments...

Scott, you have probably seen requests like this before, however, I think this would be a great way to support most corporate and some ISP e-mail domains with a negative weight based test:

HELO RDNS domain match -5
HELO RDNS MAILFROM domain match -10
HELO RDNS domain match IPINMX -10 (yes, IP-in-MX)
HELO RDNS MAILFROM domain match IPINMX -15 or ENDALLTESTS

I say domain meaning just the last two segments of the FQHN, that portion that is registered with domain registrar. Since all of these tests are already run by Declude, if a bit of logic could be added to support a test like this, I think it could help us get a lot of legitimate mail delivered with fewer held due to FPs.

Also, if people feel that the last test above is a very good indicator of legitimate e-mail, then if this test is run first (before all other tests), and there is a match with the last test shown above, and there was variable to ENDALLTESTS (and deliver), then this would also cut down on processing requirements.

Thoughts anyone...?

Bill
RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust
A great example. Keywords for white listing are a fragile solution, and an example of something best sent directly rather than on a list IMO. (very tight security required)

On the other hand, a list of IP sources that are whitelisted and the protocols for using/generating that list represent a strong solution that can and should be described openly.

That's the contrast I was trying to draw (not the specifics but the character).

OK, I see your point. IP addresses tend to be static in that the configuration of the server does not change much, unless it was a misconfiguration or some such thing. Those then could be discussed openly, black or white.

But such things commonly known as keywords, which can include strings, characters, filters and all others not based on the IP address, should be kept away from John Q. Public, which includes spammers. This is the kind of information the enemy wants and can use to circumvent our efforts. If they know that we look for certain keywords, they can use that to their advantage.

No doubt it's not a good idea to broadcast your plays to the enemy. From my perspective, though, I heavily devalue any play that could be compromising in enemy hands and prefer heavily actions that are of little help to the opposition when exposed.

But the problem is the nature of the issue. To fight spam, we look for characteristics as we know them, and if there are enough, we flag accordingly. If the spammer knows what we are looking for, they can adjust how they craft and send the message to circumvent.

What I am proposing is to set up a website that would require a username and password. Each user would have their own directory to place files they wish to allow others to view and use. They would be the only one that could modify those files. Everyone who was a member could view all the directories and files. Membership would be free but would require signing up.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Thursday, December 11, 2003 8:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust

| Any solution that requires secrecy will be some combination of: little
| benefit, difficult to impossible to deploy, and/or easy to compromise
| once discovered.
|
|Well, Williams post of his file is a good example. Any (not if
|I am sure) spammer that may read this list now sees that file
|and can then insert those keywords and walla!

|We are not talking security here, it is more like football
|plays. You do not want the other side to see what your plays
|are, lest they can then plan to counter them.

I suppose I take a stronger position. I consider the stability of open messaging systems a security issue, and I'm used to working in that mode - perhaps that colors my views.

Just an opinion.

Thanks!
_M
Re: [Declude.JunkMail] Skipping filter if below a limit
Is there any way to skip a filter if the starting weight is less than a certain amount?

No, but we will be looking into adding that.

-Scott
Re: [Declude.JunkMail] Test suggestion request for comments...
Scott, I didn't see any response from you about this test suggestion. I was wondering what your thoughts were on a test like this and if you might consider implementing.

We definitely are considering it.

The first step is going to be how to implement it, which may be a difficult decision. Although it sounds simple (A test that checks to see if various combinations of return address, HELO/EHLO and PTR match), the actual implementation could be done in a number of different ways (each of which has its own advantages and drawbacks).

-Scott
Re: [Declude.JunkMail] Test suggestion request for comments...
Thanks Scott, as long as it's being considered, I will hold off - especially since I think you could do a much better job of implementing it than I could through an external app, anyway.

Bill

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 9:08 AM
Subject: Re: [Declude.JunkMail] Test suggestion request for comments...

Scott, I didn't see any response from you about this test suggestion. I was wondering what your thoughts were on a test like this and if you might consider implementing.

We definitely are considering it.

The first step is going to be how to implement it, which may be a difficult decision. Although it sounds simple (A test that checks to see if various combinations of return address, HELO/EHLO and PTR match), the actual implementation could be done in a number of different ways (each of which has its own advantages and drawbacks).

-Scott
Re: [Declude.JunkMail] wanadoo.fr
And a big source of spam from those dialup and dsl IPs

Mike

- Original Message -
From: serge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 10:19 PM
Subject: Re: [Declude.JunkMail] wanadoo.fr

this is france telecom (french att) internet services
largest isp in france, with dialup and dsl customers

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 5:17 PM
Subject: [Declude.JunkMail] wanadoo.fr

Any one see legit coming from this domain? All I see are spam.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
[Declude.JunkMail] Performance fromfile
A while back, I had asked about the comparison in performance of a fromfile and a filter using MAILFROM ENDSWITH. Scott, you stated that would not be much difference.

But wouldn't Declude stop processing a fromfile as soon as a match is found, where in a filter it goes through the whole file?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re: [Declude.JunkMail] revdns weight question
Greg,

20% of our hold weight on our primary mx
30% of our hold weight on our backup mx

Darrell

Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com

System Administrator writes:

I'm curious as to what others are doing concerning the weight assigned to the revdns test.

How much weight do you assign to your revdns test, as a percentage of your hold or delete limit? Our percentage is currently at 25% (10/40).

Thanks,
Greg
Re: [Declude.JunkMail] Performance fromfile
> A while back, I had asked about the comparison in performance of a fromfile and a filter using MAILFROM ENDSWITH. Scott, you stated that there would not be much difference. But wouldn't Declude stop processing a fromfile as soon as a match is found, whereas in a filter it goes through the whole file?

That will happen. :)

In the current version, it will go through all entries. However, as you pointed out, there is no benefit in continuing processing with a fromfile after the first match is reached -- so the logic will be changed for the next release (and therefore giving the fromfile a slight performance advantage over filters -- but it would only be noticeable if there were a lot, perhaps 1000s, of entries).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
RE: [Declude.JunkMail] Performance fromfile
> In the current version, it will go through all entries. However, as you pointed out, there is no benefit in continuing processing with a fromfile after the first match is reached -- so the logic will be changed for the next release (and therefore giving the fromfile a slight performance advantage over filters -- but it would only be noticeable if there were a lot, perhaps 1000s, of entries).

Thanks. When processing 175K messages per day, every little bit helps.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust
|What I am proposing is to set up a website that would require
|a username and password. Each user would have their own
|directory to place files they wish to allow others to view and
|use. They would be the only one that could modify those files.
|Everyone who was a member could view all the directories and files.

I hear ya... Just consider this. You will become a trusted authority on the members - essentially saying that since the members were allowed to sign up they can be trusted. Can you be fooled? I know I can.

I'm not saying not to do it... Just pointing out some things that my intuition complains about.

I think this thread has taken on more emphasis than I intended. I apologize.

_M
RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust
> I hear ya... Just consider this. You will become a trusted authority on the members - essentially saying that since the members were allowed to sign up they can be trusted. Can you be fooled? I know I can.

Yes, I can be fooled. That is why I am going to create a signup form that will require information that will be checked, and then maybe even have a panel of known trusted people that will then say ya nay. To be included such things as:

1. E-mail address used must be a part of the company represented.
2. Runs checks against the domain and MX records.
3. Not known to send out bounces or notifications to forged senders.
4. Must have current support agreement with Declude. (With Scott's permission.)
5. Must be a Declude JM customer for at least 6 months. (Verified with Scott's permission.)
6. Maybe others.

> I'm not saying not to do it... Just pointing out some things that my intuition complains about. I think this thread has taken on more emphasis than I intended. I apologize.

No need to apologize. This was my intention to take this direction. No, it is not easy and will not satisfy everyone. But it is a start.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
[Declude.JunkMail] Decoding encoded subject lines
How can you decode the encoded subject lines so as to see what it is and then create a filter? Things like:

=?ISO-8859-1?b?RUVOVCBjaGVjayBzdG9jayBjaGFydA==?=
=?ISO-8859-1?b?RUVOVCBQcm9kdWN0aW9uIFByb2dyZXNz?=
=?ISO-8859-1?B?SGk=?=

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re[2]: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust
> 1. E-mail address used must be a part of the company represented.
> 2. Runs checks against the domain and MX records.
> 3. Not known to send out bounces or notifications to forged senders.
> 4. Must have current support agreement with Declude. (With Scott's permission.)
> 5. Must be a Declude JM customer for at least 6 months. (Verified with Scott's permission.)
> 6. Maybe others.

Something tells me that a spammer would gladly buy Declude Lite and sign up with a legit domain if they felt they'd get a giant return on that investment (as they usually do on their other investments).

The panel idea is fine, but inherently limits the size of the working group...but perhaps that's exactly what's needed now: cell-based spamfighting in which small groups rely on their smarts (and, it must be granted, occasional leaks from other groups) to innovate, understanding that cells will inevitably duplicate a bunch of work but secure in the relative privacy of each cell's ideas over those worked out in huge public fora.

Like Pete, not saying not to do it, but I don't see it as significantly more bulletproof (if quantifiable) than WOT. They have different foci, different vulnerabilities.

-Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
Re: [Declude.JunkMail] Decoding encoded subject lines
John Tolmachoff (Lists) wrote:

> How can you decode the encoded subject lines so as to see what it is and then create a filter? Things like:
>
> =?ISO-8859-1?b?RUVOVCBjaGVjayBzdG9jayBjaGFydA==?=
> =?ISO-8859-1?b?RUVOVCBQcm9kdWN0aW9uIFByb2dyZXNz?=
> =?ISO-8859-1?B?SGk=?=

I've only been able to see the actual subject in a mail client. Here are the filter entries I have for the screwy encodings:

SUBJECT 40 CONTAINS =?ISO-8859-1?b?
SUBJECT 40 CONTAINS =?koi8-r
SUBJECT 40 CONTAINS =?windows-1251?B?

Mike
[Declude.JunkMail] Spammer network
For what it's worth, this is the info of a spam host that harvested one of my emails from the whois database and will spam using different domain names to get around unsubscribe requests.

Here's the current one:

Received: from Mailer3.gd-aol.com (52.gd-aol.com [66.63.163.52])

Here's one from a month ago:

Received: from mailer16.i-jst5.com (unknown [66.63.167.61])

The host is below.

OrgName: OC3 Networks Web Solutions, LLC
OrgID: ONWSL
Address: 6279 Variel Ave
Address: Suite H
City: Woodland Hills
StateProv: CA
PostalCode: 91367
Country: US
NetRange: 66.63.160.0 - 66.63.175.255
CIDR: 66.63.160.0/20
RE: [Declude.JunkMail] Decoding encoded subject lines
> How can you decode the encoded subject lines so as to see what it is and then create a filter?

http://david.carter-tod.com/base64/

Markus
RE: [Declude.JunkMail] Decoding encoded subject lines (note)
> =?ISO-8859-1?b?RUVOVCBjaGVjayBzdG9jayBjaGFydA==?=
> =?ISO-8859-1?b?RUVOVCBQcm9kdWN0aW9uIFByb2dyZXNz?=
> =?ISO-8859-1?B?SGk=?=

The b? in the encoded string means base64-encoded. To decode the string just use all after the b?

It's not a good idea to filter anything (or to assign a high weight) that is ISO/Base64 encoded. Many international formatted legit messages can have such subject lines.

Markus
Re: [Declude.JunkMail] Decoding encoded subject lines
Whenever you see ISO-8859 encoding for a subject, you should just simply assume it is spam, or at least I have never seen a false positive on this.

SUBJECT 15 CONTAINS =?ISO-8859-1?b?

ISO-8859 is Latin-1, which is the standard character set and there is no need to be encoding Latin-1 except to get around content filters. Declude doesn't decode base64 encoded subjects, so running filters against this stuff is useless, though I believe that SpamChk will do decoding...but again, I don't see why bother until some mail client starts exhibiting this behavior (please speak up if you have seen this).

This is a perfect example of how an obfuscation method can be more indicative than the content itself.

Matt

Mike Leonard wrote:

> John Tolmachoff (Lists) wrote:
>
>> How can you decode the encoded subject lines so as to see what it is and then create a filter? Things like:
>>
>> =?ISO-8859-1?b?RUVOVCBjaGVjayBzdG9jayBjaGFydA==?=
>> =?ISO-8859-1?b?RUVOVCBQcm9kdWN0aW9uIFByb2dyZXNz?=
>> =?ISO-8859-1?B?SGk=?=
>
> I've only been able to see the actual subject in a mail client. Here are the filter entries I have for the screwy encodings:
>
> SUBJECT 40 CONTAINS =?ISO-8859-1?b?
> SUBJECT 40 CONTAINS =?koi8-r
> SUBJECT 40 CONTAINS =?windows-1251?B?
>
> Mike
Re: [Declude.JunkMail] Decoding encoded subject lines (note)
Gufler Markus wrote:

> It's not a good idea to filter anything (or to assign a high weight) that is ISO/Base64 encoded. Many international formatted legit messages can have such subject lines.

This is true except for ISO-8859 which is Latin-1, which doesn't need to be encoded in E-mail.
[Declude.JunkMail] New fraud exploit likely to be seen soon
http://netscape.com.com/2100-1105_2-5119440.html?part=netscapesubj=technewstag=mynetscape

Follow the link to the following address for an example (only works as designed in Internet Explorer):

http://www.zapthedingbat.com/security/ex01/vun1.htm

I would assume that you should probably throw in a filter for the following in order to prevent this, and of course tag any E-mails that might attempt to use it:

BODY 15 CONTAINS %01@

Matt
[Declude.JunkMail] Spam for Overseas
Hello All. Most of the spam that I get is coming from Netherlands, Germany, France, Italy and so on and so on. Is there anyway to block these based on the country?
[Declude.JunkMail] [OT] Anybody Charging for Filtering Services?
Hello,

Kind of Off-Topic, but was wondering if anybody is charging their customers a fee for providing Declude Spam/Virus filtering? We have been providing as a free service for about 18 months and would like to charge if we can to help offset some of the costs of managing. Problem is how to approach customers since they have been getting for free and how much to charge. Any experience/ideas would be appreciated. You can email me off list at [EMAIL PROTECTED] if you'd prefer.

Thanks in advance,
George
RE: [Declude.JunkMail] [OT] Anybody Charging for Filtering Services?
$0.00 for spam control
$3.00/month for Virus Protection.

At this price we have had a lot of takers.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of ITG Lists
Sent: Thursday, December 11, 2003 4:05 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] [OT] Anybody Charging for Filtering Services?

Hello,

Kind of Off-Topic, but was wondering if anybody is charging their customers a fee for providing Declude Spam/Virus filtering? We have been providing as a free service for about 18 months and would like to charge if we can to help offset some of the costs of managing. Problem is how to approach customers since they have been getting for free and how much to charge. Any experience/ideas would be appreciated. You can email me off list at [EMAIL PROTECTED] if you'd prefer.

Thanks in advance,
George

[This E-mail was scanned for viruses by AmeriMail]
RE: [Declude.JunkMail] Decoding encoded subject lines
> This is a perfect example of how an obfuscation method can be more indicative than the content itself.

These are failing GIBBERISHSUB and ANTIGIBBERISHSUB.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
RE: [Declude.JunkMail] Decoding encoded subject lines
> ISO-8859 is Latin-1, which is the standard character set and there is no need to be encoding Latin-1 except to get around content filters.

You're right. Testing with Outlook 2003 and some messages containing legit special characters I can confirm that all legit messages are Quoted printable encoded with =?ISO-8859-1?Q?...

The subject lines of spam messages usually are BASE64-encoded: =?ISO-8859-1?B?...

But I've found also several legit cases where the e-mail client has base64 encoded the entire subject line or also only the word that contains a special character. (Some of them were sent from a hotmail account.)

During business time the ratio between ISO-8859-1/base64 encoded legit and spam messages on our server is around 35/65.

Note: We process a lot of messages in German and Italian. Also messages written in French or Spanish can contain special characters like äöüàèòùáéóú

So maybe it's a good idea to give some points for =?ISO-8859-1?B? but not too much to avoid FPs.

> ... though I believe that SpamChk will do decoding...

Right. It will decode both quoted printable and base64 encoded subject lines before checking for keywords. At the moment it will not write the decoded string in the spamchk logfile but I think this will be changed in the next release.

Markus
Re: [Declude.JunkMail] New fraud exploit likely to be seen soon
Actually, upon further reading, it appears that this affects all non-printing characters that are URL encoded. Here's a list of everything that I could find which is non-printing. Also note that I don't believe that OBFUSCATION will catch this, and @LINKED will catch it only if the @ is followed by a www. It seems like it might be a good idea to therefore integrate the following, though I may include this in a future version of OBFUSCATION.

# 000-031
BODY 15 CONTAINS %00@
BODY 15 CONTAINS %01@
BODY 15 CONTAINS %02@
BODY 15 CONTAINS %03@
BODY 15 CONTAINS %04@
BODY 15 CONTAINS %05@
BODY 15 CONTAINS %06@
BODY 15 CONTAINS %07@
BODY 15 CONTAINS %08@
BODY 15 CONTAINS %09@
BODY 15 CONTAINS %0a@
BODY 15 CONTAINS %0b@
BODY 15 CONTAINS %0c@
BODY 15 CONTAINS %0d@
BODY 15 CONTAINS %0e@
BODY 15 CONTAINS %0f@
BODY 15 CONTAINS %10@
BODY 15 CONTAINS %11@
BODY 15 CONTAINS %12@
BODY 15 CONTAINS %13@
BODY 15 CONTAINS %14@
BODY 15 CONTAINS %15@
BODY 15 CONTAINS %16@
BODY 15 CONTAINS %17@
BODY 15 CONTAINS %18@
BODY 15 CONTAINS %19@
BODY 15 CONTAINS %1a@
BODY 15 CONTAINS %1b@
BODY 15 CONTAINS %1c@
BODY 15 CONTAINS %1d@
BODY 15 CONTAINS %1e@
BODY 15 CONTAINS %1f@

# 127-159
BODY 15 CONTAINS %7f@
BODY 15 CONTAINS %80@
BODY 15 CONTAINS %81@
BODY 15 CONTAINS %82@
BODY 15 CONTAINS %83@
BODY 15 CONTAINS %84@
BODY 15 CONTAINS %85@
BODY 15 CONTAINS %86@
BODY 15 CONTAINS %87@
BODY 15 CONTAINS %88@
BODY 15 CONTAINS %89@
BODY 15 CONTAINS %8a@
BODY 15 CONTAINS %8b@
BODY 15 CONTAINS %8c@
BODY 15 CONTAINS %8d@
BODY 15 CONTAINS %8e@
BODY 15 CONTAINS %8f@
BODY 15 CONTAINS %90@
BODY 15 CONTAINS %91@
BODY 15 CONTAINS %92@
BODY 15 CONTAINS %93@
BODY 15 CONTAINS %94@
BODY 15 CONTAINS %95@
BODY 15 CONTAINS %96@
BODY 15 CONTAINS %97@
BODY 15 CONTAINS %98@
BODY 15 CONTAINS %99@
BODY 15 CONTAINS %9a@
BODY 15 CONTAINS %9b@
BODY 15 CONTAINS %9c@
BODY 15 CONTAINS %9d@
BODY 15 CONTAINS %9e@
BODY 15 CONTAINS %9f@

Matt

Matthew Bramble wrote:

> http://netscape.com.com/2100-1105_2-5119440.html?part=netscapesubj=technewstag=mynetscape
>
> Follow the link to the following address for an example (only works as designed in Internet Explorer):
>
> http://www.zapthedingbat.com/security/ex01/vun1.htm
>
> I would assume that you should probably throw in a filter for the following in order to prevent this, and of course tag any E-mails that might attempt to use it:
>
> BODY 15 CONTAINS %01@
>
> Matt
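Added example, not code from the thread or from Declude: the 65 filter lines above expressed as one range check over the escapes in a link's userinfo part (the text between "://" and "@"), accepting upper- and lower-case hex. The function names and the sample body are constructed for illustration; the hosts use documentation-only names and addresses.

```python
import re

# http(s) URL whose authority carries a userinfo part: scheme://userinfo@host
URL_WITH_USERINFO = re.compile(
    r"\bhttps?://([^\s/@\"'<>]*)@([^\s/:\"'<>?#]+)", re.IGNORECASE)
PERCENT_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def is_nonprinting(byte):
    """True for the two ranges in the posted list: 000-031 and 127-159."""
    return byte <= 0x1F or 0x7F <= byte <= 0x9F


def find_suspicious_links(body):
    """Return one record per link whose userinfo holds an encoded non-printing byte."""
    hits = []
    for match in URL_WITH_USERINFO.finditer(body):
        userinfo, host = match.group(1), match.group(2)
        escapes = [int(h, 16) for h in PERCENT_ESCAPE.findall(userinfo)]
        bad = [b for b in escapes if is_nonprinting(b)]
        if not bad:
            continue
        # Same position the posted filter lines test: the escape directly before "@"
        tail = PERCENT_ESCAPE.fullmatch(userinfo[-3:])
        hits.append({
            "url": match.group(0),
            "userinfo": userinfo,   # text in front of the "@"
            "host": host,           # host the link actually connects to
            "escapes": bad,
            "before_at": tail is not None and is_nonprinting(int(tail.group(1), 16)),
        })
    return hits


# Constructed message body: two flagged links, two that must not be flagged.
SAMPLE_BODY = (
    "Dear customer, please confirm your account at\n"
    "http://www.example.com%01@203.0.113.9/login.htm\n"
    "Mirror: HTTP://www.example.org%0A@198.51.100.7:8080/x\n"
    "Release notes: http://guest@files.example.net/readme.txt\n"
    "Unsubscribe: http://www.example.net/unsub?addr=a%01@b.example\n"
)

if __name__ == "__main__":
    for hit in find_suspicious_links(SAMPLE_BODY):
        print(hit["url"], "-> real host", hit["host"], "escapes", hit["escapes"])
```

Because the pattern only looks at the userinfo part, an escape followed by "@" inside a path or query string (last sample line) is not reported.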
RE: [Declude.JunkMail] Web-o-Trust
>> How do the names get added to the list (or web-o-trust)?
>
> By getting someone to trust them. For example, we're asking that our customers let us know that they have set up a WOT file, and we add them to our WOT file, which a lot of people already trust.

Hi Scott,

As an ISP we host several webspaces of our customers and have full control of it. Is it possible (and considerable) to set up a script that creates web-o-trust.txt files for all these customers on their own webspace and so create our little trusted network?

Does this make any sense if all these customers send out messages over the same MTA (and IP)?

Final question: If I've set up this txt file, what else should I do? How does my Declude know which other IPs are WOT-whitelisted?

Markus
Re: [Declude.JunkMail] Spam for Overseas
Samantha,

If you have the Pro version of JunkMail, try the FOREIGN/TLD filter set from my site at http://www.mailpure.com/software/decludefilters/

I wouldn't recommend blocking based on just the country, but the FOREIGN filter allows you to define countries according to several different markers for adding a few points to, and then the TLD filters punish domains that are either poorly configured, or might mix TLD's from different regions. It's very effective at adding points to crud spam that has randomized addresses, because they tend to randomize the HELO and MAILFROM, while the REVDNS is going to be fixed to whatever zombie computer they are exploiting.

Matt

Bridges, Samantha wrote:

> Hello All. Most of the spam that I get is coming from Netherlands, Germany, France, Italy and so on and so on. Is there anyway to block these based on the country?
Re: [Declude.JunkMail] Decoding encoded subject lines
Markus Gufler wrote:

> But I've found also several legit cases where the e-mail client has base64 encoded the entire subject line or also only the word that contains a special character. (Some of them were sent from a hotmail account).

Are you talking about the ?B? or the ?Q?

I don't check for ?Q?, but this would be problematic if it happened with ?B?. I've been failing on that filter alone for months now without any FP's. Of course, all of my customers are from the US and they tend to get very little foreign E-mail, and nothing legit that is in any other language. This may be why it is safe on my server. I would though reduce the scoring if you confirmed the issues with ?B?, it just wasn't perfectly clear from what I read.

It seems that you are saying that a high-bit character, even though it might be standard Latin-1, will cause some mail clients to base64 encode the subject. If so, it would seem that this is only necessary to mail clients that only support 7 bit characters in the subject, or possibly the result of bad programming, or non-English versions of mail programs? Please let me know.

Thanks,
Matt
RE: [Declude.JunkMail] Web-o-Trust
Markus:

The following line will give everyone with a web-o-trust a little negative weight.

WEB-O-TRUST ip4r cabal.web-o-trust.org * -2 0

At present - it truly means everyone. They have already stated that eventually they'll become selective on which IPs they add to their whitelist RBL.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Thursday, December 11, 2003 05:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-o-Trust

Hi Scott,

As an ISP we host several webspaces of our customers and have full control of it. Is it possible (and considerable) to set up a script that creates web-o-trust.txt files for all these customers on their own webspace and so create our little trusted network?

Does this make any sense if all these customers send out messages over the same MTA (and IP)?

Final question: If I've set up this txt file, what else should I do? How does my Declude know which other IPs are WOT-whitelisted?

Markus
Re: [Declude.JunkMail] Decoding encoded subject lines
That's intended. Base64 encoding will almost always trip GIBBERISH and GIBBERISHSUB so we counterbalance for that in the ANTI files. In the ANTI-GIBBERISHSUB filter it looks for ?b? and credits back the points, and this string is also in the GIBBERISHSUB filter just to make sure that too much credit isn't given (ensuring that the main filter is tripped).

Matt

John Tolmachoff (Lists) wrote:

>> This is a perfect example of how an obfuscation method can be more indicative than the content itself.
>
> These are failing GIBBERISHSUB and ANTIGIBBERISHSUB.
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You

--
===
Matthew S. Bramble
President and Technical Coordinator
iGaia Incorporated, Operator of NYcars.com
---
Office Phone: (518) 862-9042
Cellular: (518) 229-3375
Fax: (518) 862-9044
E-mail: [EMAIL PROTECTED] or [EMAIL PROTECTED]
===
Re: [Declude.JunkMail] Why was this marked as spam?
Do you mark the subject of messages with Declude? If not, this was marked by another mail server before it reached yours.

Matt

Technical Support wrote:

> This message was labelled in the subject as SPAM: but the only test I see it failing is the IPNOTINMX, which in the user's .junkmail file is set to WARN. The IPNOTINMX is also set to WARN in the $default$.junkmail file as well. Here are the headers (slightly modified to remove email addresses). Any help would be appreciated, as I'm just starting to understand Declude JM:
>
> --
> Microsoft Mail Internet Headers Version 2.0
> thread-index: AcO0NYibESR0h6zcQI2sukVFsutg2Q==
> Received: from ipa-agency.com ([216.118.194.60] unverified) by mail.corp.ync.net with Microsoft SMTPSVC(5.0.2195.4905); Wed, 26 Nov 2003 09:54:11 -0600
> Received: from SMTP32-FWD by ync.net (SMTP32) id A042C4971; Wed, 26 Nov 2003 09:50:15 -0600
> Received: from BFFCR21 [216.34.189.59] by ipa-agency.com with ESMTP (SMTPD32-8.02) id AB7B1A9900CC; Wed, 26 Nov 2003 09:49:15 -0600
> Content-Transfer-Encoding: 7bit
> From: -REMOVED-
> To: -REMOVED-
> Content-Class: urn:content-classes:message
> Priority: normal
> Subject: SPAM: IPA November Newsletter
> Date: Wed, 26 Nov 2003 10:00:18 -0600
> Message-ID: !~!UENERkVCMDkAAQACABgA6hkri0/z0xGuIwBQ2tibrsKA AAAQTN/[EMAIL PROTECTED]
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary==_NextPart_000_0031_01C3B404.1FE5D250
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook, Build 10.0.3416
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4925.2800
> X-RBL-Warning: IPNOTINMX:
> X-Declude-Sender: [EMAIL PROTECTED] [216.34.189.59]
> X-Spam-Tests-Failed: IPNOTINMX [0]
> X-Note: This E-mail was sent from ([216.34.189.59]).
> Return-Path: -REMOVED-
> X-OriginalArrivalTime: 26 Nov 2003 15:54:11.0234 (UTC) FILETIME=[88780820:01C3B435]
> --
>
> The only test I have set to SUBJECT is the WEIGHT10 test for when it reaches a weight of 10, but the weight here is 0. Any ideas?
>
> Thank you for making YourNET Connection your connection to the world
>
> Jim O'Keefe
> Technical Support @YourNET Connection, Inc.
> [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Re: [Declude.JunkMail] Decoding encoded subject lines
Thanks a bunch Markus. What I will likely do is reduce this to only about 70% of my fail weight, figuring that most messages which use one obfuscation technique use others which will also produce a score, such as Declude's BASE64 test (30% on my system), and on my system, the two alone will produce a failure at those scores. I don't expect to see this stuff passing unless it's legit then, and it will help protect from FP's. This is probably good advice for others as well.

Matt

Markus Gufler wrote:

>> Are you talking about the ?B? or the ?Q?
>
> ?B?
>
> Some examples from today's logfile:
>
> Subject: Freiberufliche Mitarbeit. Brauchen Sie =?ISO-8859-1?B?3GJlcnNldHp1bmdlbj8g?=
> Subject: Re: Mutige =?iso-8859-1?b?TeRkY2hlbi1TdGFya2U=?= Frauen =?iso-8859-1?b?SuRubmVy?= Termin
>
> In these cases only the words containing high-bit characters are BASE64 encoded.
>
> Subject: =?ISO-8859-1?B?3A==?=bersetzung Sachsenklemme
> Subject: fragen f=?ISO-8859-1?B?/A==?=r advent-gewinnspiel
>
> In these cases only the high-bit characters are BASE64 encoded.
>
> Subject: =?ISO-8859-1?B?Uvxja2xhc3RzY2hyaWZ0IHZvbSAxMS4xMi4yMDAz?=
> Subject: =?iso-8859-1?B?aWNoIGJpbnO0cw==?=
>
> In these cases the entire subject line is BASE64 encoded. Both messages were sent from web-mailers (Hotmail and GMX) and contain high bit characters. For the messages above I haven't any information with what mail clients the messages were created.
>
> All the messages above are 100% legit. But this will concern only mailservers that process messages in international languages using a lot of high-bit characters.
>
> Markus
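Added example, not code from any poster, Declude or SpamChk: a decoder for the =?charset?B|Q?...?= subject words discussed in this thread, run over subjects quoted above. The "needless" flag (a base64 word that decodes to nothing but printable ASCII) is an assumption of this example drawn from the two positions in the thread, not a documented test; all function names are illustrative.

```python
import base64
import quopri
import re

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")
# Whitespace between two adjacent encoded-words is not part of the text.
BETWEEN_WORDS = re.compile(r"(\?=)\s+(?==\?)")


def decode_word(charset, encoding, payload):
    """Return (raw_bytes, text) for one encoded-word, or (None, None) if malformed."""
    try:
        if encoding == "B":
            raw = base64.b64decode(payload, validate=True)
        else:  # "Q": quoted-printable variant in which "_" stands for a space
            raw = quopri.decodestring(payload.encode("ascii"), header=True)
        return raw, raw.decode(charset, errors="replace")
    except (ValueError, LookupError):  # bad base64, non-ASCII payload, unknown charset
        return None, None


def decode_subject(subject):
    """Decode every encoded-word in a Subject value; return (text, findings)."""
    findings = []

    def replace(match):
        charset, encoding, payload = (
            match.group(1), match.group(2).upper(), match.group(3))
        raw, text = decode_word(charset, encoding, payload)
        findings.append({
            "charset": charset.lower(),
            "encoding": encoding,
            "decoded": text,
            # Assumption of this example: printable ASCII never needed encoding.
            "needless": bool(raw) and all(0x20 <= b <= 0x7E for b in raw),
        })
        return match.group(0) if text is None else text

    text = ENCODED_WORD.sub(replace, BETWEEN_WORDS.sub(r"\1", subject))
    return text, findings


def classify(subject):
    """Label a subject 'plain', 'malformed', 'needless-base64' or 'encoded'."""
    _, findings = decode_subject(subject)
    if not findings:
        return "plain"
    if any(f["decoded"] is None for f in findings):
        return "malformed"
    if any(f["encoding"] == "B" and f["needless"] for f in findings):
        return "needless-base64"
    return "encoded"


# Subjects quoted in this thread: the first three from the original question,
# the last three from the examples reported as legitimate.
THREAD_SUBJECTS = [
    "=?ISO-8859-1?b?RUVOVCBjaGVjayBzdG9jayBjaGFydA==?=",
    "=?ISO-8859-1?b?RUVOVCBQcm9kdWN0aW9uIFByb2dyZXNz?=",
    "=?ISO-8859-1?B?SGk=?=",
    "Re: Mutige =?iso-8859-1?b?TeRkY2hlbi1TdGFya2U=?= Frauen =?iso-8859-1?b?SuRubmVy?= Termin",
    "=?ISO-8859-1?B?3A==?=bersetzung Sachsenklemme",
    "fragen f=?ISO-8859-1?B?/A==?=r advent-gewinnspiel",
]

if __name__ == "__main__":
    for subject in THREAD_SUBJECTS:
        print(classify(subject).ljust(16), decode_subject(subject)[0])
```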
Re: [Declude.JunkMail] Web-o-Trust
Andy, do they seem to be responding to your IP4R queries? The site appears to be down from my perspective.
Bill

- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 2:11 PM
Subject: RE: [Declude.JunkMail] Web-o-Trust
Markus: The following line will give everyone with a web-o-trust a little negative weight.
WEB-O-TRUST ip4r cabal.web-o-trust.org * -2 0
At present - it truly means everyone. They have already stated that eventually they'll become selective on which IPs they add to their whitelist RBL.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Thursday, December 11, 2003 05:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-o-Trust
Hi Scott, As an ISP we host several webspaces of our customers and have full control of it. Is it possible (and considerable) to set up a script that creates web-o-trust.txt files for all these customers on their own webspace and so create our little trusted network? Does this make any sense if all these customers send out messages over the same MTA (and IP)? Final question: If I've set up this txt file, what else should I do? How does my Declude know which other IPs are WOT-whitelisted?
Markus
RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
I applaud their efforts, but... $2500 a piece will deter no one!!!
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Frederick Samarelli
Sent: Thursday, December 11, 2003 3:27 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
http://www.washingtonpost.com/wp-dyn/articles/A56209-2003Dec11.html
RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
It's the five years that makes it a deterrent. Nobody cares about the amount of the arbitrary fines for committing murder, either.

-Original Message-
From: Todd Holt [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 4:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
I applaud their efforts, but... $2500 a piece will deter no one!!!
http://www.washingtonpost.com/wp-dyn/articles/A56209-2003Dec11.html
RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
.02 The courts will see this as a victimless crime and give him a 2 month sentence, under house arrest, blah, blah, blah, ginger. Then companies can sue him in civil court for losses they can document... Can you document your monetary losses from SPAM from a specific source?? I know that I can't. That's what they count on. If they really wanted to stop SPAM they would, by making a mandatory 1 year in jail for conviction of sending a single piece of SPAM. That would make the punishment too great to risk committing the crime. Why do you think so many people break the speed limit? Not because they are unlikely to get caught, but if they do get caught, the punishment is only a small fine and traffic school (which you can now take at home in most states). The bottom line is that this is a political way to say they are doing something about the problem without spending a lot of money or effort on a problem they see as a nuisance. /.02
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Keith Anderson
Sent: Thursday, December 11, 2003 4:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
It's the five years that makes it a deterrent. Nobody cares about the amount of the arbitrary fines for committing murder, either.

-Original Message-
From: Todd Holt [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 4:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
I applaud their efforts, but... $2500 a piece will deter no one!!!
http://www.washingtonpost.com/wp-dyn/articles/A56209-2003Dec11.html
Re: [Declude.JunkMail] Why was this marked as spam?
This message was labelled in the subject as SPAM: but the only test I see it failing is the IPNOTINMX, which in the user's .junkmail file is set to WARN. The IPNOTINMX is also set to WARN in the $default$.junkmail file as well.

The best thing to do here would be to look at the Declude JunkMail log file, which will show you which tests it failed as well as the action that was taken for each test. That should help narrow down what happened.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
RE: [Declude.JunkMail] Per user tests....
I am still having issues with this. I have the REDIRECT [EMAIL PROTECTED] c:\dir\dir\filename in both the global.cfg and the $junkmail file. I also have the renamed copy of the $junkmail file with the custom actions in the Imail directory. It is not processing the users settings... Can you look at the global.cfg and $junkmail files or give me another thing to test for ?

The key here is that the REDIRECT command must be in whichever config file is used by the recipient. So if you already have a per-user or per-domain configuration file, the REDIRECT command would need to be in there. Also, you should note that Declude will never look at anything in the \IMail\ directory (the only file that belongs there is the Declude.exe file).
-Scott
Re: [Declude.JunkMail] Web-o-Trust
Andy, do they seem to be responding to your IP4R queries? The site appears to be down from my perspective.

http://www.dnsstuff.com/tools/lookup.ch?name=2.0.0.127.cabal.web-o-trust.org&type=A shows that it is working.
-Scott
Re: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
Obviously we all hate spam, but in a country where Enron's executives still haven't been charged with a crime, it seems that maybe we're making a bit too much out of an individual spammer. I consider these guys to be merely a nuisance on an individual basis and the only damage they are capable of on their own seems mostly to be the result of carelessness instead of something intentional. I think a moderate jail sentence for a first offense is reasonable, but they should be fined in an amount comparable to their revenues from such activities. I haven't read the article though, so maybe these guys are the worst of the worst and deserve something a bit more harsh. I'd just rather we jail violent felons for long periods of time instead of just people that lack good judgment or good moral character, especially since such sentences won't stop spammers, it will just cause them to move elsewhere, as they have already been doing for some time.
Matt

Todd Holt wrote:
.02 The courts will see this as a victimless crime and give him a 2 month sentence, under house arrest, blah, blah, blah, ginger. Then companies can sue him in civil court for losses they can document... Can you document your monetary losses from SPAM from a specific source?? I know that I can't. That's what they count on. If they really wanted to stop SPAM they would, by making a mandatory 1 year in jail for conviction of sending a single piece of SPAM. That would make the punishment too great to risk committing the crime. Why do you think so many people break the speed limit? Not because they are unlikely to get caught, but if they do get caught, the punishment is only a small fine and traffic school (which you can now take at home in most states). The bottom line is that this is a political way to say they are doing something about the problem without spending a lot of money or effort on a problem they see as a nuisance. /.02
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Keith Anderson
Sent: Thursday, December 11, 2003 4:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
It's the five years that makes it a deterrent. Nobody cares about the amount of the arbitrary fines for committing murder, either.

-Original Message-
From: Todd Holt [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 4:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
I applaud their efforts, but... $2500 a piece will deter no one!!!
http://www.washingtonpost.com/wp-dyn/articles/A56209-2003Dec11.html
Re: [Declude.JunkMail] Web-o-Trust
Yep, it does appear to be back up now. However, for about an hour after I implemented the test, my bind logs showed that the server was not responding.
Bill

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 5:59 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust
Andy, do they seem to be responding to your IP4R queries? The site appears to be down from my perspective.
http://www.dnsstuff.com/tools/lookup.ch?name=2.0.0.127.cabal.web-o-trust.org&type=A shows that it is working.
-Scott
Re: [Declude.JunkMail] Web-o-Trust
Wow, certainly not a very stable server:
=
How I am searching:
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at d.root-servers.net: Got referral to TLD2.ULTRADNS.NET. [took 45 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at TLD2.ULTRADNS.NET.: Got referral to angel.heaven.net. [took 43 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at angel.heaven.net.: Got referral to a.ns.cabal.web-o-trust.org. [took 98 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
=
Don't think I will be running this test right away, at least not until they can keep their name servers up and responding.
Bill

- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 6:12 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust
Yep, it does appear to be back up now. However, for about an hour after I implemented the test, my bind logs showed that the server was not responding.
Bill

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 5:59 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust
Andy, do they seem to be responding to your IP4R queries? The site appears to be down from my perspective.
http://www.dnsstuff.com/tools/lookup.ch?name=2.0.0.127.cabal.web-o-trust.org&type=A shows that it is working.
-Scott
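An added example, not from the thread and not Declude's own code: one way a whitelist IP4R test such as the WEB-O-TRUST line could be evaluated so that a name server that times out, as in the trace above, neither grants the negative weight nor keeps being queried. The field layout read from the test line, the `Ip4rChecker` name, the failure threshold and the cooldown are assumptions of the example, and the resolver is injected so the block runs offline.

```python
import ipaddress
import time
from typing import Callable, List, NamedTuple, Tuple


class Ip4rTest(NamedTuple):
    name: str
    zone: str
    expect: str  # "*" accepts any returned A record
    weight: int  # weight applied when the IP is listed (negative = whitelist)


def parse_test_line(line: str) -> Ip4rTest:
    # Assumed layout, read off the line quoted in the thread:
    # NAME ip4r ZONE EXPECTED WEIGHT <second weight, not used here>
    name, kind, zone, expect, weight, _ = line.split()
    if kind.lower() != "ip4r":
        raise ValueError("not an ip4r test: %s" % kind)
    return Ip4rTest(name, zone.rstrip("."), expect, int(weight))


def query_name(ip: str, zone: str) -> str:
    # IP4R lookups reverse the octets and append the zone.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class Ip4rChecker:
    """Scores an IP and stops querying a zone that keeps timing out."""

    def __init__(self, test: Ip4rTest, resolve: Callable[[str], List[str]],
                 max_failures: int = 3, cooldown: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        # resolve(name) returns the A records ([] when the name does not
        # exist) and raises TimeoutError when no server answers.
        self.test, self._resolve, self._clock = test, resolve, clock
        self._max_failures, self._cooldown = max_failures, cooldown
        self._failures = 0
        self._suspended_until = 0.0

    def score(self, ip: str) -> Tuple[int, str]:
        now = self._clock()
        if now < self._suspended_until:
            return 0, "suspended"  # no lookup, no delay, no weight
        try:
            answers = self._resolve(query_name(ip, self.test.zone))
        except TimeoutError:
            self._failures += 1
            if self._failures >= self._max_failures:
                self._suspended_until = now + self._cooldown
                self._failures = 0
            return 0, "timeout"  # unknown is never treated as whitelisted
        self._failures = 0
        if any(self.test.expect in ("*", a) for a in answers):
            return self.test.weight, "listed"
        return 0, "not listed"
```

Because the weight here is negative, scoring a timeout as 0 is the conservative outcome: an unreachable whitelist never lowers a message's spam score.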
RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
Let's keep in mind that Spammers likely are behind costly and vicious virus/worm attacks to create zombie machines for their benefit. They are also clearly coordinating their efforts in DOS attacks against anti-spam web-sites. In my book they have crossed the line from nuisance to organized crime or racketeering that causes significant economic loss. The combined money spent in anti-spam measures, cost of band-width for corporations and connection cost for individual users, not to speak about the cost involved with anti-virus defense and repairs amounts to a huge figure that could be spent on measures that could raise productivity elsewhere. If I only think of my own time spent every month on spam and virus defenses, it's enough to want to see these mafiosos put away for a long time, one at a time.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Thursday, December 11, 2003 09:09 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
Obviously we all hate spam, but in a country where Enron's executives still haven't been charged with a crime, it seems that maybe we're making a bit too much out of an individual spammer. I consider these guys to be merely a nuisance on an individual basis and the only damage they are capable of on their own seems mostly to be the result of carelessness instead of something intentional. I think a moderate jail sentence for a first offense is reasonable, but they should be fined in an amount comparable to their revenues from such activities. I haven't read the article though, so maybe these guys are the worst of the worst and deserve something a bit more harsh. I'd just rather we jail violent felons for long periods of time instead of just people that lack good judgment or good moral character, especially since such sentences won't stop spammers, it will just cause them to move elsewhere, as they have already been doing for some time.
Matt

Todd Holt wrote:
.02 The courts will see this as a victimless crime and give him a 2 month sentence, under house arrest, blah, blah, blah, ginger. Then companies can sue him in civil court for losses they can document... Can you document your monetary losses from SPAM from a specific source?? I know that I can't. That's what they count on. If they really wanted to stop SPAM they would, by making a mandatory 1 year in jail for conviction of sending a single piece of SPAM. That would make the punishment too great to risk committing the crime. Why do you think so many people break the speed limit? Not because they are unlikely to get caught, but if they do get caught, the punishment is only a small fine and traffic school (which you can now take at home in most states). The bottom line is that this is a political way to say they are doing something about the problem without spending a lot of money or effort on a problem they see as a nuisance. /.02
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Keith Anderson
Sent: Thursday, December 11, 2003 4:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
It's the five years that makes it a deterrent. Nobody cares about the amount of the arbitrary fines for committing murder, either.

-Original Message-
From: Todd Holt [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 4:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
I applaud their efforts, but... $2500 a piece will deter no one!!!
http://www.washingtonpost.com/wp-dyn/articles/A56209-2003Dec11.html