RE: [Declude.JunkMail] casino spam
Title: Message True, dat. Most of the high-tech business is in Vancouver and Victoria, which are the biggest cities in BC. The Vancouver Stock Exchange was scrapped after a decade of scams perpetrated on it; in a nutshell, investors were not protected and disclosure rules were far more lax than they are now. Most stocks that were listed were venture and speculative, so folks should have known better. The VSE was succeeded by the Canadian Venture Exchange, which hasn't had any scandals in, oh, the 5 years or so that's it's been around. Bandwidth is relatively cheap in Vancouver, and there was an explosion of dot-com activity in the boom years, particular with colo-hosting. It was a very attractive market and competition was fierce, but the margins were too thin for many companies. I'm disappointed when I find that spammers are so easily hosted at some of these "desperate" colo firms in my own backyard, but it's the market conditions. They value the spammers' dollars more than the dollars of their more traditional clients. At least one in Kelowna (about a 2 hour drive from Vancouver). Telus and Shaw are the big DSL and Cable providers, respectively, and both do a lame job of preventing security issues on those networks and their own email servers. Sympatico is Telus in the west, and Bell in Eastern Canada. Rogers was consumed by Shaw, but you still find Rogers Cable subscribers, which are mostly business customers. When I started to get spam that was from overseas but spamvertised porn at my own corporate provider, I complained to my sales guy and went up the chain. They rapped the other customer on the knuckles, he changed his IP addresses and the text of his message but not his modus operandi; in less than a a week or ten days, they "fired that customer". SpamHaus and others had briefly blacklisted large chunks of that provider (was Group Telecom (and 360 Networks before that) which is now owned by Bell). As far as strip clubs and triple X webhosting goes, we're pretty liberal. Not as liberal as Nevada mind you, but the government would rather make tax dollars from those businesses than make them illegal. And folks from Amsterdam would laugh themselves silly at the three or four blocks of downtown that constitute our "naughty district". Andrew 8) -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Friday, February 25, 2005 4:56 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] casino spamYou can solve this problem by simply blacklisting British Columbia.Seriously though, it's strange how much of this stuff comes from there. In the penny stock world, this province also gained quite the reputation for fraud in the past. I won't mention the strip clubs. Andrew might be able to shed some light on that one...or maybe even all of those things :)MattPaul Navarre wrote: Ive actually noticed an increase specifically in gambling site spam myself. Paul Navarre Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[Declude.JunkMail] casino spam
Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
Re: [Declude.JunkMail] casino spam
I've seen several kinds of spam increase in the last day. - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 4:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
Re: [Declude.JunkMail] casino spam
Kyle, When willyou stop signing up for those gambling sites, you know you can't win? :) No reported increase on our side. David B www.declude.com - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 5:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
RE: [Declude.JunkMail] casino spam
Whats funny is I did sign up for an account a couple of weeks ago and I still havent won. I did it for the free set of poker chips. Thats what I figured. Its strange everything will be going fine for a few weeks then for some reason we get a small flood of something. Like casino. What I hate is that these messages getting through fail sniffer but thats it no other tests. Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, February 25, 2005 4:51 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] casino spam Kyle, When willyou stop signing up for those gambling sites, you know you can't win? :) No reported increase on our side. David B www.declude.com - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 5:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
Re: [Declude.JunkMail] casino spam
Which can under certain circumstances be correct. If you had signed up with the websitethen declude is correct in identifying them as legitimate email. It is possible we could set up some additional filters to help with a specific type of Spam. David B www.declude.com - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 6:00 PM Subject: RE: [Declude.JunkMail] casino spam Whats funny is I did sign up for an account a couple of weeks ago and I still havent won. I did it for the free set of poker chips. Thats what I figured. Its strange everything will be going fine for a few weeks then for some reason we get a small flood of something. Like casino. What I hate is that these messages getting through fail sniffer but thats it no other tests. Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David BarkerSent: Friday, February 25, 2005 4:51 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] casino spam Kyle, When willyou stop signing up for those gambling sites, you know you can't win? :) No reported increase on our side. David B www.declude.com - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 5:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
RE: [Declude.JunkMail] casino spam
Ive actually noticed an increase specifically in gambling site spam myself. Paul Navarre Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
Re[2]: [Declude.JunkMail] casino spam
On Friday, February 25, 2005, 5:50:45 PM, Glenn wrote: GW I've seen several kinds of spam increase in the last day. We're seeing a new porn campaign, a new kiddie porn campaign, a ramp-up of the current M$ software rip-off (media-theft) spam. We've seen a bit of a pick-up in the casino stuff too - particularly a campaign that encourages you to make a boatload of money running your own online casino etc... Almost enough to call it a spam storm but not quite... http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] casino spam
On Friday, February 25, 2005, 6:11:58 PM, David wrote: DB Which can under certain circumstances be correct. If you had DB signed up with the website then declude is correct in identifying DB them as legitimate email. It is possible we could set up some DB additional filters to help with a specific type of Spam. Most of the time what is happening is that the IPs for these (and often even the URI) have not been picked up by other services yet so the total weight doesn't get pushed over the threshold. We see these events as apparent false positives in our MDLP analysis (the red mark at the end of the SNIFFER test is mostly new spam that only SNF is seeing, not actually FPs) http://www.sortmonster.com/MDLP/MDLP-Example-Long.html An interesting test that might help is to keep track of connect (source) IPs that are new - or relatively new. This same mechanism is part of the requested Delay New IPs feature... but even before then, our research suggests that a test that provides a weight based on how new an IP source is could be quite helpful... So, for example: Days --- Weight 0 --- 64 1 --- 32 2 --- 16 4 --- 8 5 --- 4 6 --- 2 7 --- 1 8+--- 0 Based on a spam threshold of 100. On many systems a Day Zero IP along with SNF would be enough to filter the message out. After a couple of days other BLs are likely to take over. Just a thought ;-) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] casino spam
You can solve this problem by simply blacklisting British Columbia. Seriously though, it's strange how much of this stuff comes from there. In the penny stock world, this province also gained quite the reputation for fraud in the past. I won't mention the strip clubs. Andrew might be able to shed some light on that one...or maybe even all of those things :) Matt Paul Navarre wrote: Ive actually noticed an increase specifically in gambling site spam myself. Paul Navarre Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] casino spam
I added this to my ipfile today: 66.154.124.0/2966.154.124.0/29gamingpen.comadded 02-25-05 gamingpen, playerjuice and gamestrek all .com. Also in kind of a spammy neighborhood with several SBL entries near: 66.154.111.0/2466.154.111.0/24agooba.comadded 02-17-05SBL1370966.154.112.0/2466.154.112.0/24erfooble.comadded 02-05-05SBL2037866.154.113.0/2466.154.113.0/24gamblingadded 02-05-05SBL20539 - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 4:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
Re: [Declude.JunkMail] casino spam
If you do a lookup on ARIN, you will find that this netblock is delegated by BChosting, which is a subdivision of AssertiveNetworks. All of their IP space is treated as suspect by our system. You might also note their address...Vancouver, British Columbia... http://ws.arin.net/cgi-bin/whois.pl?queryinput=66.154.96.0 There is a smattering of legitimate traffic from AssertiveNetworks, but most of what you will see is in fact spam. Matt Scott Fisher wrote: I added this to my ipfile today: 66.154.124.0/2966.154.124.0/29gamingpen.comadded 02-25-05 gamingpen, playerjuice and gamestrek all .com. Also in kind of a spammy neighborhood with several SBL entries near: 66.154.111.0/2466.154.111.0/24agooba.comadded 02-17-05SBL13709 66.154.112.0/2466.154.112.0/24erfooble.comadded 02-05-05SBL20378 66.154.113.0/2466.154.113.0/24gamblingadded 02-05-05SBL20539 - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 4:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] casino spam
gambling, strip clubs, isBC the Nevada of Canada? - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 8:35 PM Subject: Re: [Declude.JunkMail] casino spam If you do a lookup on ARIN, you will find that this netblock is delegated by BChosting, which is a subdivision of AssertiveNetworks. All of their IP space is treated as suspect by our system. You might also note their address...Vancouver, British Columbia... http://ws.arin.net/cgi-bin/whois.pl?queryinput=66.154.96.0There is a smattering of legitimate traffic from AssertiveNetworks, but most of what you will see is in fact spam.MattScott Fisher wrote: I added this to my ipfile today: 66.154.124.0/2966.154.124.0/29gamingpen.comadded 02-25-05 gamingpen, playerjuice and gamestrek all .com. Also in kind of a spammy neighborhood with several SBL entries near: 66.154.111.0/2466.154.111.0/24agooba.comadded 02-17-05SBL1370966.154.112.0/2466.154.112.0/24erfooble.comadded 02-05-05SBL2037866.154.113.0/2466.154.113.0/24gamblingadded 02-05-05SBL20539 - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 4:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] casino spam
So its not just me getting it. I thought maybe it was pay back for not betting enough when I play. Gamestrek is the biggest one I am seeing. Thanks for the info didnt know about British Columbia. Scott is the MAILFROM-IP.txt filter ok to use since you did all the work? If it is do I just add the statements you posted Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Friday, February 25, 2005 8:43 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] casino spam gambling, strip clubs, isBC the Nevada of Canada? - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 8:35 PM Subject: Re: [Declude.JunkMail] casino spam If you do a lookup on ARIN, you will find that this netblock is delegated by BChosting, which is a subdivision of AssertiveNetworks. All of their IP space is treated as suspect by our system. You might also note their address...Vancouver, British Columbia... http://ws.arin.net/cgi-bin/whois.pl?queryinput=66.154.96.0 There is a smattering of legitimate traffic from AssertiveNetworks, but most of what you will see is in fact spam. Matt Scott Fisher wrote: I added this to my ipfile today: 66.154.124.0/2966.154.124.0/29gamingpen.comadded 02-25-05 gamingpen, playerjuice and gamestrek all .com. Also in kind of a spammy neighborhood with several SBL entries near: 66.154.111.0/2466.154.111.0/24agooba.comadded 02-17-05SBL13709 66.154.112.0/2466.154.112.0/24erfooble.comadded 02-05-05SBL20378 66.154.113.0/2466.154.113.0/24gamblingadded 02-05-05SBL20539 - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 4:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
Re: [Declude.JunkMail] casino spam
Kyle, On a side note gamestrek . com has been getting caughton SURBL multi for most of the day today. Doing URI lookup's in the URI RBL'shasbeenvery effectivefor us incatching a lot of the new spam campaigns. Darrell ---Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 10:44 PM Subject: RE: [Declude.JunkMail] casino spam So its not just me getting it. I thought maybe it was pay back for not betting enough when I play. Gamestrek is the biggest one I am seeing. Thanks for the info didnt know about British Columbia. Scott is the MAILFROM-IP.txt filter ok to use since you did all the work? If it is do I just add the statements you posted Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Friday, February 25, 2005 8:43 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] casino spam gambling, strip clubs, isBC the Nevada of Canada? - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 8:35 PM Subject: Re: [Declude.JunkMail] casino spam If you do a lookup on ARIN, you will find that this netblock is delegated by BChosting, which is a subdivision of AssertiveNetworks. All of their IP space is treated as suspect by our system. You might also note their address...Vancouver, British Columbia... http://ws.arin.net/cgi-bin/whois.pl?queryinput=66.154.96.0There is a smattering of legitimate traffic from AssertiveNetworks, but most of what you will see is in fact spam.MattScott Fisher wrote: I added this to my ipfile today: 66.154.124.0/2966.154.124.0/29gamingpen.comadded 02-25-05 gamingpen, playerjuice and gamestrek all .com. Also in kind of a spammy neighborhood with several SBL entries near: 66.154.111.0/2466.154.111.0/24agooba.comadded 02-17-05SBL1370966.154.112.0/2466.154.112.0/24erfooble.comadded 02-05-05SBL2037866.154.113.0/2466.154.113.0/24gamblingadded 02-05-05SBL20539 - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 4:40 PM Subject: [Declude.JunkMail] casino spam Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
