[Declude.JunkMail] spam getting through

2010-07-28 Thread Harry Vanderzand
Until recently I have very little spam getting through

 

But lately spam like the following pattern get through:

 

juonte arm mldlgdb zegvq http://fixkweragc.hpage.com b qifdgll. xz, qrxwuf
wtx n.

 

Is there any way these can be trapped?

 

 

 

Thank you

 

Please note our new Address

 

Harry Vanderzand

Intown Internet

740 Erbsville Road

Waterloo, On, N2J 3Z4

519-741-1222

 

DISCLAIMER: The information in this message is confidential and may be
legally privileged. It is intended solely for the addressee. Access to this
message by anyone else is unauthorised. If you are not the intended
recipient, any disclosure, copying,or distribution of the message, or any
action or omission taken by you in reliance on it, is prohibited and may be
unlawful. Please immediately contact the sender if you have received this
message in error. Thank you. 

 

 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: Re: Re[2]: [Declude.JunkMail] Spam getting through

2004-10-30 Thread Darin Cox
Perhaps some...but a few <$10 domain names for a spam job that they charge
several hundred dollars for still yields a high profit margin.

A few months ago, against my advice, a customer of mine engaged a firm over
in Clearwater, FL to send out 2 million emails for him to one of their
"optin" lists.  Once I convinced them to send me a "test", I verified that
they were one of the larger Florida spammers.  My customer paid them $600
for their services which also included slight reformatting of his pre-made
email ad and redirection of links in the email through their systems to his
website.

I'm sure that setup cost them less than an hour's work, at most two once you
consider the sales time.  With overhead (including all operating expenses,
equipment, software, etc.) I doubt that costs them any more than
$100/hrwhich means they're making at least $400 pure profit from the
deal.  So a few $10 domain names don't put much of a dent in their profits.

Darin.


- Original Message - 
From: "Kim Premuda" <[EMAIL PROTECTED]>
To: "Declude JunkMail Forum" <[EMAIL PROTECTED]>
Sent: Saturday, October 30, 2004 1:34 AM
Subject: FWD: Re: Re[2]: [Declude.JunkMail] Spam getting through


-- Original Message --
From: "Sheldon Koehler" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Thu, 28 Oct 2004 12:12:11 -0700


It is obvious they are using "disposable" domain names. They come in flavors
like gbzqrx.info and so on.

---

Interesting point. At first, I could not understand how spammers could
afford "disposable" domain names. Then, I came to the conclusion that they
are also bona fide domain name registrars...it costs them nothing to
register thousands of "disposable" domain names.



--
Kim W. Premuda
FastWave Internet Services
San Diego, CA

--
---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


FWD: Re: Re[2]: [Declude.JunkMail] Spam getting through

2004-10-29 Thread Kim Premuda
-- Original Message --
From: "Sheldon Koehler" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Thu, 28 Oct 2004 12:12:11 -0700


It is obvious they are using "disposable" domain names. They come in flavors like 
gbzqrx.info and so on.

---

Interesting point. At first, I could not understand how spammers could afford 
"disposable" domain names. Then, I came to the conclusion that they are also bona fide 
domain name registrars...it costs them nothing to register thousands of "disposable" 
domain names.



--
Kim W. Premuda
FastWave Internet Services
San Diego, CA

--
---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: Re[2]: [Declude.JunkMail] Spam getting through

2004-10-28 Thread R. Scott Perry

Check my logic on this...
For the first rule we would run the external filter DELAYSCANANDDELIVER.
The external .exe checks the sender IP against the database and either
issues exit code 0 (process) 1 (STOPALLTESTS)
If the external .exe doesn't find an IP w/ proper timeset offset in the
database then it would move the Imail Q.SMD files to a hold folder, add the
IP with timestamp to the database.
The question for Scott is how would Declude/Imail react when the Q.SMD file
disappears during the processing?
You should see warnings in the Declude log files, as Declude tries to 
access the file.  However, aside from that, I believe that it should work.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.


This outgoing message is guaranteed to be authentic by Message Level users.
Guarantee the authenticity of your email @ http://www.messagelevel.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re[4]: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Pete McNeil
On Thursday, October 28, 2004, 5:37:13 PM, Mark wrote:

>> This is a good argument for the delayed-scan-and-deliver



MES> Pete,
MES> That's a great idea but I'm guessing we could do this with an External
MES> program, SQL DB/txt file, and Declude.

MES> Scott,
MES> Check my logic on this...
MES> For the first rule we would run the external filter DELAYSCANANDDELIVER.
MES> The external .exe checks the sender IP against the database and either
MES> issues exit code 0 (process) 1 (STOPALLTESTS)
MES> If the external .exe doesn't find an IP w/ proper timeset offset in the
MES> database then it would move the Imail Q.SMD files to a hold folder, add the
MES> IP with timestamp to the database.
MES> The question for Scott is how would Declude/Imail react when the Q.SMD file
MES> disappears during the processing?

MES> Is this what you had in mind Pete?

Very close. Actually I'm thinking that the existing overflow queue
logic would work well. Simply, if the Have-I-Seen-This test fails then
the message is pushed into a DelayedScan queue. Everything older than
UserSpecifiedDelay that is in the DelayedScan queue gets put into the
overflow queue to be processed - or simply picked up and scanned as if
it were.

As I understand it, the overflow queue gets scanned as it is put back
- so this is a fairly minor trick.

_M



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re[4]: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Pete McNeil
On Thursday, October 28, 2004, 3:12:11 PM, Sheldon wrote:

>> This is a good argument for the delayed-scan-and-deliver feature I
>> suggested previously. The porn guys you are probably talking about we
>> call the "mad-lib pornsters". Every day or so they will come out with
>> a brand new set of domains delivering a wide array of porn traffic.
>> Actually, our robots usually manage to pick up quite a bit of it, but
>> they have huge bandwidth behind them so they get quite a bit of
>> content out before the updated rules can go in place.

SK> It is obvious they are using "disposable" domain names. They come in flavors
SK> like gbzqrx.info and so on. By the time my customers check their email,
SK> forward it to me and then I forward it to Sniffer, it is probably 6-24 hours
SK> old. How many millions have been delivered in that time? Ugh...

Luckily we get these in spamtraps almost immediately. If a robot
picks it up then the next outgoing rulebase will catch it. If one of
us picks it up then there may be couple of hours extra (we don't have
a 24-7 Spam-Noc yet) but it will still get nailed soon.

As it turns out, throw-away or not these domains get used for quite a
while. And, as it also turns out many of them come back to life 6-9
months later after dormancy. (These ones get picked up by our deep
scans and reactivated.)

It's a tough problem, but a simple delay will go along way toward
making these throw-away mechanisms useless. Simply don't listen to
anything new until a bit later and the filtering mechanisms will
always have time to react (since they listen to everything in
real-time).

_M


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: Re[2]: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Mark E. Smith
> This is a good argument for the delayed-scan-and-deliver
> feature I suggested previously. The porn guys you are
> probably talking about we call the "mad-lib pornsters". Every
> day or so they will come out with a brand new set of domains
> delivering a wide array of porn traffic.
> Actually, our robots usually manage to pick up quite a bit of
> it, but they have huge bandwidth behind them so they get
> quite a bit of content out before the updated rules can go in place.

Pete,
That's a great idea but I'm guessing we could do this with an External
program, SQL DB/txt file, and Declude.

Scott,
Check my logic on this...
For the first rule we would run the external filter DELAYSCANANDDELIVER.
The external .exe checks the sender IP against the database and either
issues exit code 0 (process) 1 (STOPALLTESTS)
If the external .exe doesn't find an IP w/ proper timeset offset in the
database then it would move the Imail Q.SMD files to a hold folder, add the
IP with timestamp to the database.
The question for Scott is how would Declude/Imail react when the Q.SMD file
disappears during the processing?

Is this what you had in mind Pete?



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: Re[2]: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Darin Cox
PM> they have huge bandwidth behind them so they get quite a bit of
PM> content out before the updated rules can go in place.

You're not kidding about the bandwidth.  There's a medium-sized hosting
center in downtown Tampa that was an offshoot from one of the largest porn
websites.  Their content aside, they actually had a very good business model
for purchasing spare bandwidth from a number of communications providers at
pennies on the dollar, then reselling it at lower rates than their
competition.  They have half a dozen or more providers coming into their
building, mostly for blasting out online video, but I'm sure a significant
amount of spam comes from there as well.

Once we realized who they were, we couldn't use them in good conscience, but
we certainly were impressed by their business sense.

Darin.


- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Sheldon Koehler" <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 2:58 PM
Subject: Re[2]: [Declude.JunkMail] Spam getting through


On Thursday, October 28, 2004, 1:29:55 PM, Sheldon wrote:

>>

SK> We have been experiencing the same thing. The spammers seem to be
getting
SK> better at passing filters and probably changing IPs and domains as fast
as
SK> they can be listed in the spam databases. We have some really hard core
SK> coming to a few users and passing all tests including Sniffer.
>>

SK> Most of it is porno and they are not failing mailpolice-porn on top of
SK> sniffer-porn.

SK> John, the logs are fine, they just do not seem to fail ANY tests. They
look
SK> like a normal email.

This is a good argument for the delayed-scan-and-deliver feature I
suggested previously. The porn guys you are probably talking about we
call the "mad-lib pornsters". Every day or so they will come out with
a brand new set of domains delivering a wide array of porn traffic.
Actually, our robots usually manage to pick up quite a bit of it, but
they have huge bandwidth behind them so they get quite a bit of
content out before the updated rules can go in place.

If email from a previously unknown source (from address & IP) were
simply delayed for some configurable number of hours before
consideration then these mechanisms would be rendered inoperative for
the spammers.

Users tend not to have an immediate expectation of response on first
contact - so the delay imposed will generally not matter for
legitimate messages.

For the spam content, a few hours might be all that is needed to get
DNSBLs and other rule-bases (like Message Sniffer) up to speed so that
the bad stuff never gets through.

Anybody that the server already knows gets right through (subject to
normal scanning of course).



_M



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: Re[2]: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Sheldon Koehler
This is a good argument for the delayed-scan-and-deliver feature I
suggested previously. The porn guys you are probably talking about we
call the "mad-lib pornsters". Every day or so they will come out with
a brand new set of domains delivering a wide array of porn traffic.
Actually, our robots usually manage to pick up quite a bit of it, but
they have huge bandwidth behind them so they get quite a bit of
content out before the updated rules can go in place.
It is obvious they are using "disposable" domain names. They come in flavors 
like gbzqrx.info and so on. By the time my customers check their email, 
forward it to me and then I forward it to Sniffer, it is probably 6-24 hours 
old. How many millions have been delivered in that time? Ugh...

Sheldon
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re[2]: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Pete McNeil
On Thursday, October 28, 2004, 1:49:25 PM, Andrew wrote:

CA> No, I haven't seen this.

CA> But I have meant to ask if others on the list are seeing that their spam
CA> volumes are up in the last week.  I have, by a 10% increase.  What I'm
CA> seeing is not more spam getting to mailboxes, just more spam volume.  Viral
CA> activity has been constant.

We're seeing this:

Days Ago Adjustments
 ---

0572
1822
2963
3583
4479
5421
6565
7665
8659
9852
10   683
11   434
12   513
13   652
14   743
15   949



It looks like there was a bit of a lull there. However in the past two
days (and today seems headed in that direction) we have seen a pretty
big swell in "new" spam. 963, 822, 572-already today.

_M



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re[2]: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Pete McNeil
On Thursday, October 28, 2004, 1:29:55 PM, Sheldon wrote:

>>

SK> We have been experiencing the same thing. The spammers seem to be getting
SK> better at passing filters and probably changing IPs and domains as fast as
SK> they can be listed in the spam databases. We have some really hard core
SK> coming to a few users and passing all tests including Sniffer.
>>

SK> Most of it is porno and they are not failing mailpolice-porn on top of
SK> sniffer-porn.

SK> John, the logs are fine, they just do not seem to fail ANY tests. They look
SK> like a normal email.

This is a good argument for the delayed-scan-and-deliver feature I
suggested previously. The porn guys you are probably talking about we
call the "mad-lib pornsters". Every day or so they will come out with
a brand new set of domains delivering a wide array of porn traffic.
Actually, our robots usually manage to pick up quite a bit of it, but
they have huge bandwidth behind them so they get quite a bit of
content out before the updated rules can go in place.

If email from a previously unknown source (from address & IP) were
simply delayed for some configurable number of hours before
consideration then these mechanisms would be rendered inoperative for
the spammers.

Users tend not to have an immediate expectation of response on first
contact - so the delay imposed will generally not matter for
legitimate messages.

For the spam content, a few hours might be all that is needed to get
DNSBLs and other rule-bases (like Message Sniffer) up to speed so that
the bad stuff never gets through.

Anybody that the server already knows gets right through (subject to
normal scanning of course).



_M



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Matt
I'm not seeing anything out of the ordinary this week.
One thing of note however.  When the dictionary attacks started coming 
in force to my domains, I saw a huge shift from static spam to zombie 
spam.  It turns out that much of this was just simply garbage going to 
bad addresses.  One spammer accounts for over 25% of my mail volume, all 
from dictionary attacks (I have about 10 domains involved with these on 
and off).  I've also noted that there are some spammers that are 
repeatedly slamming their harvested lists from some of my larger 
domains.  A 10% increase could just simply be one such spammer.  There 
are two very high volume zombie spammers that have been attacking legit 
addresses on our server for at least a month now.  I wouldn't be 
surprised to see another 5% to 10% of our volume between the two of them.

Static spammers have been more problematic for us than in the past.  
Primarily because these guys are using new IP space and going full force 
from the start.  Something else that I noticed was some of the very high 
volume zombie spam not getting tagged by Sniffer or SURBL for over 24 
hours at times, which leads me to believe that they are getting smarter 
and using specific payload domains across a select group of recipient 
domains in order to avoid detection.  One spammer managed to do this 
repeatedly, so I'm pretty sure about that.  Seems like SURBL has caused 
spammers to start to enhance their techniques yet again.

Matt

Colbeck, Andrew wrote:
No, I haven't seen this.
But I have meant to ask if others on the list are seeing that their spam
volumes are up in the last week.  I have, by a 10% increase.  What I'm
seeing is not more spam getting to mailboxes, just more spam volume.  Viral
activity has been constant.
Andrew 8)
-Original Message-
From: Sheldon Koehler [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 28, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spam getting through

Lately we have been seeing a lot of spam getting through passing ALL tests. 
We are starting to get complaints from customers on this and I wonder if we 
are alone in this problem or not. These are all coming in with a  weight of 
0, no whitelisting or any simple tests are failing (i.e. rDNS).

Sheldon

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
 

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Rick Davidson
I have seen an increase in volume the past week but have had very little 
make it to the users

Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 1:49 PM
Subject: RE: [Declude.JunkMail] Spam getting through


No, I haven't seen this.
But I have meant to ask if others on the list are seeing that their spam
volumes are up in the last week.  I have, by a 10% increase.  What I'm
seeing is not more spam getting to mailboxes, just more spam volume. 
Viral
activity has been constant.

Andrew 8)
-Original Message-
From: Sheldon Koehler [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 28, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spam getting through
Lately we have been seeing a lot of spam getting through passing ALL 
tests.
We are starting to get complaints from customers on this and I wonder if 
we
are alone in this problem or not. These are all coming in with a  weight 
of
0, no whitelisting or any simple tests are failing (i.e. rDNS).

Sheldon

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Colbeck, Andrew
No, I haven't seen this.

But I have meant to ask if others on the list are seeing that their spam
volumes are up in the last week.  I have, by a 10% increase.  What I'm
seeing is not more spam getting to mailboxes, just more spam volume.  Viral
activity has been constant.

Andrew 8)

-Original Message-
From: Sheldon Koehler [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 28, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spam getting through


Lately we have been seeing a lot of spam getting through passing ALL tests. 
We are starting to get complaints from customers on this and I wonder if we 
are alone in this problem or not. These are all coming in with a  weight of 
0, no whitelisting or any simple tests are failing (i.e. rDNS).

Sheldon



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Rick Davidson
have you looked at the headers and body source to determine why they are 
getting through and what you need to add to your filters to stop them? There 
is usually some type of common finger print you can filter on. If it is not 
failing those other tests its likely they havent seen the messages, its up 
to you to keep adjusting your filters.

Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: "Sheldon Koehler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 1:29 PM
Subject: Re: [Declude.JunkMail] Spam getting through


>
We have been experiencing the same thing. The spammers seem to be getting
better at passing filters and probably changing IPs and domains as fast as
they can be listed in the spam databases. We have some really hard core
coming to a few users and passing all tests including Sniffer.

Most of it is porno and they are not failing mailpolice-porn on top of 
sniffer-porn.

John, the logs are fine, they just do not seem to fail ANY tests. They 
look like a normal email.

Sheldon
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Sheldon Koehler

We have been experiencing the same thing. The spammers seem to be getting
better at passing filters and probably changing IPs and domains as fast as
they can be listed in the spam databases. We have some really hard core
coming to a few users and passing all tests including Sniffer.

Most of it is porno and they are not failing mailpolice-porn on top of 
sniffer-porn.

John, the logs are fine, they just do not seem to fail ANY tests. They look 
like a normal email.

Sheldon
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Spam getting through

2004-10-28 Thread John Tolmachoff \(Lists\)
Time to review the logs and see what is going on.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Sheldon Koehler
> Sent: Thursday, October 28, 2004 9:45 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Spam getting through
> 
> Lately we have been seeing a lot of spam getting through passing ALL
tests.
> We are starting to get complaints from customers on this and I wonder if
we
> are alone in this problem or not. These are all coming in with a  weight
of
> 0, no whitelisting or any simple tests are failing (i.e. rDNS).
> 
> Sheldon
> 
> 
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Spam getting through

2004-10-28 Thread Woody Fussell
We have been experiencing the same thing. The spammers seem to be getting
better at passing filters and probably changing IPs and domains as fast as
they can be listed in the spam databases. We have some really hard core
coming to a few users and passing all tests including Sniffer. 

Woody Fussell
Wilbur Smith Associates
[EMAIL PROTECTED]
803-758-4522

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sheldon Koehler
Sent: Thursday, October 28, 2004 12:45 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spam getting through

Lately we have been seeing a lot of spam getting through passing ALL tests. 
We are starting to get complaints from customers on this and I wonder if we 
are alone in this problem or not. These are all coming in with a  weight of 
0, no whitelisting or any simple tests are failing (i.e. rDNS).

Sheldon



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Spam getting through

2004-10-28 Thread Sheldon Koehler
Lately we have been seeing a lot of spam getting through passing ALL tests. 
We are starting to get complaints from customers on this and I wonder if we 
are alone in this problem or not. These are all coming in with a  weight of 
0, no whitelisting or any simple tests are failing (i.e. rDNS).

Sheldon

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.