This is the best part,
Registration is via a confidential money transfer.
Send your bank's name, account number, your name, address, telephone number,
and fax numbers. Please note again that this transaction is strictly
confidential and as such should be kept secret. Be rest assured that this
Actually it was Novell that intro'd this word to
the PC server world, Microsoft just intro'd it to the masses:-)
Mike
- Original Message -
From:
Nick
Hayer
To: Declude.JunkMail@declude.com
Sent: Wednesday, December 21, 2005
16:51
Subject: Re:
We outright reject all their mail.
We started by just holding and found lots of
'suspicious' activity like identical emails with different "from" domains, etc.
Normal spam type stuff CC offers, grant money, etc.
The we started blocked one /24, then they switched
to other subnets so we
Perhaps a test that looks at the date of registration so new domains could
be weighted higher.
Mike
- Original Message -
From: Nick [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, February 09, 2005 12:25
Subject: Re: [Declude.JunkMail] domain name a name
I am
Postfix with postgrey does exactly this.
Delays 5 minutes and maintains a db of subnet, sender recipient combo.
Mike
- Original Message -
From: Colbeck, Andrew [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, February 11, 2005 13:56
Subject: RE: Re[4]: [Declude.JunkMail]
Ok here
Mike
- Original Message -
From: DLAnalyzer Support [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 10, 2004 10:29
Subject: [Declude.JunkMail] ed10.com - E-Dialog
Does anyone have any feedback on E-Dialog.com. It appears their are
several reputable companies
Create a custom body filter that contains a list of the unique phrases,
misspellings and names they use in the letters. Along with filters like
Matt's at mailpure.com will catch most if not all of them.
There is a website that has a lot of the phrases also, do a Google for 4_1_9
and
I filter on this + String.fromCharCode(
This is common in all of them. Combined with other tests it catches most.
Mike
- Original Message -
From: Glenn Brooks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 29, 2004 20:02
Subject: RE: [Declude.JunkMail] weird random .htm
yes
Mike
- Original Message -
From: Glenn Brooks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 30, 2004 09:20
Subject: Re: [Declude.JunkMail] weird random .htm attachments
so you do a body filter?
At 09:00 AM 3/30/2004 -0500, you wrote:
I filter on this +
Search Google and you'll see that many others seem to think they're viri
only too.
And of the legit zips I examined on my system they don't have those
sequences.
Irregardless I block all executable attachments anyways at my mx. This was
strictly for the ones that are bypassing my mx records and
This string is in the beginning of first line of the body of infected emails
all buts the zips
T_V_q_Q_A_AME
This is in the beginning of the first line of the .zips
U_E_s_D_B_AoAA
Both of these strings produce virus hits on Google
NOTE: remove the underscores to get the actual
I have not renewed my Junkmail SA due to the lack of an updated manual.
If Scott would spend the same amount of time updating the manul as he does
explaining to the list how features work, the manual would be current.
Monitoring and researching list archives is fine for free or diy software
but
Scott:
Your abilities as a writer are fine. I have seem many of your explanations
on use of features and for most I think they would suffice. They just need
to be put in the online manual at the same time you post a message to the
list.
I agree that beta features should not be in the main manual
And a big source of spam from those dialup and dsl IPs
Mike
- Original Message -
From: serge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 10:19 PM
Subject: Re: [Declude.JunkMail] wanadoo.fr
this this france telecom (french att) internet services
largest
For what its worth this is the info of a spam host that harvested one of my
emails from the whois database and will spam using different domain names to
get around unsubscribe requests.
Here's the current one:
Received: from Mailer3.gd-aol.com (52.gd-aol.com [66.63.163.52])
Here's one from a
Mark:
I get a fair amout of this also. Mine seems to come mostly from broadband
lines (rr, verizon, charter, comcast, attbi) so I ip block at the /24 level
(class c). Of course it's after the fact. But should block some future spam.
I also have a subject filter to add weight for non western char
Is there a util that allows viewing/decoding of base64 encoded D*.SMD spool
files thats been held by JM?
Mike
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail
-
From: Mike K [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 7:00 AM
Subject: [Declude.JunkMail] JM held mail viewer
Is there a util that allows viewing/decoding of base64 encoded D*.SMD
spool
files thats been held by JM?
Mike
---
[This E-mail
May want to account for foreign languages also. I just received this spam
while I was adding your URL obfuscation filter.
#1053;#1077;#1076;#1086;#1088;#1086;#1075;#1080;#1077;
#1079;#1074;#1086;#1085;#1082;#1080;
#1079;#1072;#1088;#1091;#1073;#1077;#1078;!
Mike
- Original Message -
Sorry, just noticed, this was in the subject.
Mike
- Original Message -
From: Mike K [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 3:32 PM
Subject: Re: [Declude.JunkMail] OBFUSCATION filter
May want to account for foreign languages also. I just received
Can specific characters be specified? If so how?
If not a feature request to look for a specified char and the count, just
like the subjectspaces test.
Could be useful for U*n*i*v*e*r*s*i*t*y d*i*p*l*o*m*a
Mike
---
[This E-mail was scanned for viruses by Declude Virus
Scott:
You may just want to build support for unix style regular expressions.
Complicated, but they can do this and much more.
Note: Len's IMGate solution can do this also but with half the cpu
horsepower that NT/2K require. I use IMGATE as a front end to IMAIL/Declude
do exactly this.
What is everyone's opinion on bulk mailers like flowgo, gossipflash,
valoffers, quill? The joke lists, cell phone offers, travel offers, software
offers, etc.
The old saying one mans trash is anothers treasure comes to mind. While I as
an isp admin think it's trash, and optin is the only true
Spamcop will send notices based on IP and domain name. I had several notices
because of a joe job using our domain name with a forged return email
address.
If it's a legit Spamcop notice then just reply as appropriate. Usually these
complaints originate from clueless aol users. They look at the
In everybody's opinion, what RBLs have to lowest rate (possibly zero) of
false positives?
I use Junkmail and IMGate and want to block the real obvious junk (at
IMGate) while giving my users more control options on the grey stuff.
Mike
---
[This E-mail was scanned for viruses by Declude Virus
Is it possible to use CIDR in IPBYPASS
Ex: 192.168.0/24
Mike
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
While I know this is usually based on personal preference, and highly
subjective, but what do others find as the most reliable RBLs but with the
minimum of false positives?
Mike
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
Can Junkmail pro filters (for msg body) use wildcards? Is there a reference?
I want to create a filter (to hold) msgs that have embedded urls with IP
addresses in them.
I can do this is my IMGate machine but want to see what I catch first.
Mike
---
[This E-mail was scanned for viruses by
A spam I received yesterday had these comments in it also.
However one thing I noticed was that the spam had a url that started off
with the standard http then was followed by
PercentHexHexPercentHexHexPercentHexHexPercentHexHexPercentHexHex and so on.
This should be very easy to filter on as no
Had a similar occurance on filtering for theose stupid spam penny stock tips
that always contain O*T*C
Found out that attachments sometimes morphed to contain that string.
Lesson learned, be more specific.
Mike
- Original Message -
From: Sharyn Schmidt [EMAIL PROTECTED]
To: [EMAIL
30 matches
Mail list logo
