Re: Meta for bogus MIME with DKIM valid?
On Mon, 8 Jul 2019, Joseph Brennan wrote: I am sorry to say that this spammer seems to have fixed the error. I have seen none at all for a few weeks. What I *have* seen are heavy spam barrages once a week that are from similar IP ranges that the spammer used but without the error. 125,000 today. Depending on the IP ranges, it sounds like tarpitting would be a useful response. On Thu, Jun 13, 2019 at 4:17 PM Joseph Brennan wrote: Yes, replying to myself. It just occurred to me that that we refuse mail from hosts in the Spamhaus lists, so messages from those don't get analyzed by spamassassin. The 50,000 I mentioned is how many were NOT caught that way. I wonder how many there really are! -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- If the rock of doom requires a gentle nudge away from Gaia to prevent a very bad day for Earthlings, NASA won’t be riding to the rescue. These days, NASA does dodgy weather research and outreach programs, not stuff in actual space with rockets piloted by flinty-eyed men called Buzz. -- Daily Bayonet --- 12 days until the 50th anniversary of Apollo 11 landing on the Moon
Re: Meta for bogus MIME with DKIM valid?
On Jul 8, 2019, at 2:15 PM, Joseph Brennan wrote: > > I am sorry to say that this spammer seems to have fixed the error. I have > seen none at all for a few weeks. What I *have* seen are heavy spam barrages > once a week that are from similar IP ranges that the spammer used but without > the error. 125,000 today. Indeed, I also have not gotten any of these in a while, which is unfortunate because this spammer's "product" unfortunately usually doesn't hit ANY other content rule, including Bayes (WTF), so I'm getting a lot of FN spams with scores of 0.6 or so. Still trying to nail down some other identifying characteristics that can be used for a rule, but coming up empty at the moment. --- Amir
Re: Meta for bogus MIME with DKIM valid?
I am sorry to say that this spammer seems to have fixed the error. I have seen none at all for a few weeks. What I *have* seen are heavy spam barrages once a week that are from similar IP ranges that the spammer used but without the error. 125,000 today. On Thu, Jun 13, 2019 at 4:17 PM Joseph Brennan wrote: > Yes, replying to myself. > > It just occurred to me that that we refuse mail from hosts in the Spamhaus > lists, so messages from those don't get analyzed by spamassassin. The > 50,000 I mentioned is how many were NOT caught that way. I wonder how many > there really are! > > > > -- > Joseph Brennan > Lead, Email and Systems Applications > > > -- Joseph Brennan Lead, Email and Systems Applications