Re: [Declude.JunkMail] Earthlink Porn Spam
Thanks,,, H.

- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Monday, November 01, 2004 3:46 PM
Subject: Re: [Declude.JunkMail] Earthlink Porn Spam

i360 Support wrote:
I am still getting a ton of porn spam from Earthlink. I report it but it does not help much. Any suggestions on how to stop this crap?

Attached is the filter that I use to kill this stuff. Last I checked, there were two different spammers that were cracking AUTH to get this stuff through, and their patterns don't seem to have changed, although they probably will and/or more will come.

Matt
--
= MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =

# HACKEDEARTHLINK v1.1.0
REVDNS END NOTCONTAINS .earthlink.net
MAILFROM END CONTAINS earthlink
MAILFROM END CONTAINS mindspring
REMOTEIP 2 CONTAINS .
SUBJECT 10 CONTAINS =?windows-1251?b?
HEADERS 15 CONTAINS User-Agent: aol
TESTSFAILED 2 CONTAINS SNIFFER-
TESTSFAILED 1 CONTAINS FOREIGN
TESTSFAILED 1 CONTAINS BADHEADERS
TESTSFAILED 2 CONTAINS (ALL)
TESTSFAILED -2 CONTAINS (LAST)
TESTSFAILED 2 CONTAINS SPAMCOP(ALL)
TESTSFAILED 2 CONTAINS XBL(ALL)
TESTSFAILED 1 CONTAINS DSBL(ALL)
[Declude.JunkMail] annoying spammer
We have been swamped with spam from United Email Marketing.
Below is a list of IP addresses and domains used to send the crap.
Sniffer does not catch them and I can't stop them.
Does anyone have a solution on how to get rid of them?

- Original Message -
From: Mortgage Connectors
To: [EMAIL PROTECTED]
Sent: Monday, October 04, 2004 3:12 AM
Subject: SPAM: Make the Lenders Compete Over You

Your energies are just mismatched these days. You will gain confidence in your abilities if you say no to those wanting you to do for them instead of for yourself. Your energies are just mismatched these days. Who knew that romance could be so fun? Buy flowers. Write poetry. Order dessert.

You will attract a potential partner. Play your cards right. The big picture is as crucial as the small one. Consult an expert for help. Nothing will be as it appears. Be careful.

Your creative talent must be implemented in your work if you want to reach a higher level. What you get now is what you wanted all along. Your energies are just mismatched these days. You will attract a potential partner. Play your cards right.

You find pleasure wherever you look -- and maybe in a few surprising places as well. You are in a very industrious and creative cycle that will bring you profits and satisfaction. Avoid opposition for a little while. As the song says Later on you can decide whether this is the beginning of a permanent change.
Re: [Declude.JunkMail] Fw: Help, I have been blacklisted
- Original Message -
From: Bud Durland [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 13, 2004 12:22 PM
Subject: Re: [Declude.JunkMail] Fw: Help, I have been blacklisted

Richard Farris wrote:
I have been delisted from SPAMCOP...whew...but I still am in the red with these guys: PSBL JAMMDNSBL BLARSBL

I remember right, once you are on BLARS, you don't ever get off... something about paying him exorbitant amount of money to see if it's worth his time to remove you. I suspect many responsible mail admins don't use BLARSBL because of that.

BLARSBL sounds more like a blackmail list than a blacklist. I read about him before and it was not in his favor. We do not use it.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Message header review
Can someone help me with the header of this message. I think this came from earthlink.net mail server. According to earthlink abuse they can't do anything about this type of spam since it did not originate from their network. We get porn spam from this segment all the time.

Received: from asmtp-a063f33.pas.sa.earthlink.net [207.217.120.149] by deepspace.i360.net with ESMTP (SMTPD32-7.15) id A94339680150; Thu, 22 Jul 2004 10:12:03 -0500
Received: from 68-235-252-102.atlsfl.adelphia.net ([68.235.252.102])
        by asmtp-a063f33.pas.sa.earthlink.net with asmtp (Exim 4.34)
        id 1BnfBN-00062N-F4; Thu, 22 Jul 2004 08:08:32 -0700
Message-ID: [EMAIL PROTECTED]
Reply-To: "=?windows-1251?B?Y2FtZWxsaWE=?=" [EMAIL PROTECTED]
From: "=?windows-1251?B?Y2FtZWxsaWE=?=" [EMAIL PROTECTED]
Subject: SPAM: =?windows-1251?B?QnJpZGdldCBtb25yb2Ugc3Vja2luZyBhIGhhcmQgY29jayB2ZXJ5IGRlZXA=?=
Date: Thu, 22 Jul 2004 00:56:07 -0400
MIME-Version: 1.0
Content-Type: text/html;charset="windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.
X-ELNK-Trace: 006cdaaeaf6f69a98241270f52c7d65b7e972de0d01da9401ceba94723fb6a47959954e32e1a9354350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 68.235.252.102
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [840a].
X-Declude-Sender: [EMAIL PROTECTED] [207.217.120.149]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, BADHEADERS, WEIGHT10 [11]
X-Note: This E-mail was sent from asmtp-a063f33.pas.sa.earthlink.net ([207.217.120.149]).
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 384479918
Re: [Declude.JunkMail] Message header review
I have forwarded several spam emails to [EMAIL PROTECTED] but the only response I get back is that the email did not originate from their network. It's really annoying that they don't give a shit. I would have blocked them if it had not been for one of my clients needing email from that server (they have a client that hosts with earthlink).

Thanks to all for the responses.

Heimir

- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 4:07 PM
Subject: Re: [Declude.JunkMail] Message header review

Earthlink has for some reason been forwarding spam through this server for some time. I'm not sure what the setup is, but it's a legitimate Earthlink server and the E-mail originates from a spam zombie.

I have thought about IPBYPASS'ing this server in order to capture the real source, but I have yet to confirm if this server is just used for forwarding or what the case may be. It could be that this is an open relay, a forwarding server, or a full fledged mail server. I am guessing the first.

Matt

i360 Support wrote:
Can someone help me with the header of this message. I think this came from earthlink.net mail server. According to earthlink abuse they can't do anything about this type of spam since it did not originate from their network. We get porn spam from this segment all the time.
--
= MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
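The header reading discussed in this thread, as an added example (not code from the list, from Declude or from MailPure): it walks the Received chain newest first, skips a relay the admin has chosen to trust (the idea behind the IPBYPASS remark above), and reports the charset of RFC 2047 encoded-words, which is what the SUBJECT rule in the Earthlink filter keys on. The two Received lines and X-Originating-IP are the ones quoted in the thread; the sender address, the Subject text and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header

# Received lines and X-Originating-IP are the ones quoted in the thread;
# the From address and the Subject ("test") are constructed placeholders.
RAW = (
    "Received: from asmtp-a063f33.pas.sa.earthlink.net [207.217.120.149]"
    " by deepspace.i360.net with ESMTP (SMTPD32-7.15) id A94339680150;"
    " Thu, 22 Jul 2004 10:12:03 -0500\n"
    "Received: from 68-235-252-102.atlsfl.adelphia.net ([68.235.252.102])\n"
    "\tby asmtp-a063f33.pas.sa.earthlink.net with asmtp (Exim 4.34)\n"
    "\tid 1BnfBN-00062N-F4; Thu, 22 Jul 2004 08:08:32 -0700\n"
    'From: "=?windows-1251?B?Y2FtZWxsaWE=?=" <sender@example.invalid>\n'
    "Subject: =?windows-1251?B?dGVzdA==?=\n"
    "X-Originating-IP: 68.235.252.102\n"
    "\n"
    "body\n"
)
MSG = message_from_string(RAW)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_from_ips(msg):
    """Peer IP recorded in each Received header, newest hop first."""
    ips = []
    for value in msg.get_all("Received", []):
        # Only the "from ..." clause names the peer; "by ..." is the recorder.
        from_clause = re.split(r"\sby\s", value, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_clause)
        if match:
            ips.append(match.group(1))
    return ips


def true_source(msg, trusted_relays):
    """First peer IP, newest first, that is not a relay we chose to trust.

    Headers below that hop were supplied by the untrusted peer and are not
    evidence, so the walk stops there instead of reading further down.
    """
    for ip in received_from_ips(msg):
        if ip not in trusted_relays:
            return ip
    return None


def encoded_word_charsets(header_value):
    """Charsets declared by RFC 2047 encoded-words in one header value."""
    return {cs.lower() for _, cs in decode_header(header_value) if cs}
```

With no trusted relays the source is the Earthlink server itself; trusting 207.217.120.149 moves the source to the Adelphia address that server recorded, which is the address DNSBL lookups would then be run against.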
Re: [Declude.JunkMail] Report System
Please add me too. Would like to see it.

Thanks
Heimir

- Original Message -
From: James James [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 01, 2003 10:53 AM
Subject: Re: [Declude.JunkMail] Report System

I hate filling the list with another of these, but I would like a copy too. This sounds like the utility I've always wanted but could never find.

Thanks
James James
Help Desk/Systems Administration
Lile International

- Original Message -
From: Dave Jordan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 01, 2003 8:44 AM
Subject: Re: [Declude.JunkMail] Report System

Hey, Don't leave me out! It looks like it's just what the Dr. ordered.

Dave Jordan

- Original Message -
From: GlobalWeb.net Webmaster [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 01, 2003 11:23 AM
Subject: RE: [Declude.JunkMail] Report System

Add me to the list too - a donation will be in order...

Sincerely,
Randy Armbrecht
Global Web SolutionsR, Inc.
804-346-5300 ext. 1
877-800-GLOBAL (4562) ext. 1
http://globalweb.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shayne Embry
Sent: Friday, August 01, 2003 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Report System

Darrel,

Maybe you should start charging for it. As long as you're not...please include me. (Actually, I'd consider a donation if it works as well as you claim.)

Thanks,
Shayne Embry
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Brooks
Sent: Friday, August 01, 2003 9:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Report System

add me, also

At 12:17 PM 8/1/2003 +0200, you wrote:
Hi Darrel,

Please add me to your list, I'd love to try it out

Best regards
Lachezar
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of VanTech.Net
Sent: Thursday, July 31, 2003 11:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Report System

Darrel,

I would be interested in trying it out. I like Delog, but I would like to have some format options such as .html.

Thank you,
Aaron Caviglia
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
Sent: Thursday, July 31, 2003 2:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Report System

Terry,

I used delog for awhile, but I needed several other features that did not come with delog. So I developed an application that had all of the features that I needed. Below is a sample report that I generated (tab format). The reports can be in tab, csv, or html format and you have the ability to email them as well. There are many other things that dlanalyzer can report on. You can get reports on domains, users, tests, and different reporting periods. The combinations are endless. Right now I am finishing up database support and a few other miscellaneous features I wanted to add in.. If you would like to try it out let me know and I will make it available..

Darrell

Start Time: 6/1/2003 12:00:00 AM
End Time: 6/2/2003 12:00:00 AM
Total Messages: 25935
Messages That Failed: 18252
Spam Percentage: 70.38%

TEST               # FAILED  Percentage
BADHEADERS             3735      14.40%
BASE64                 1203       4.64%
BLACKLIST              1325       5.11%
COMMENTS                668       2.58%
DECREASEIPWGHT           40       0.15%
DECREASEWEIGHT          557       2.15%
DECREASEWEIGHTLOW       313       1.21%
DSBL                   3807      14.68%
DSN                    1215       4.68%
EASYNET-DNSBL          7418      28.60%
FXBLACKLIST            2574       9.92%
HELOBOGUS              4776      18.42%
HEUR10                 2899      11.18%
IPBLACKLIST               5       0.02%
MAILFROM                385       1.48%
NJABL                   408       1.57%
NOABUSE                3341      12.88%
NONENGLISH              214       0.83%
NOPOSTMASTER           4020      15.50%
OLDEMPLOYEE              29       0.11%
ORDB                    261       1.01%
OSDUL                   113       0.44%
OSLIST                    2       0.01%
OSRELAY                 343       1.32%
OSSOFT                 3265      12.59%
OSSRC                  3308