Re: [Declude.JunkMail] dictionary attacks
I have seen talk on the Imail Forum about people attempting to script something to combat Dictionary Attacks by blocking IPs that send over too many RCPT TO commands that result in ERR invalid user. Scott, is this something Declude will eventually handle for us? Or is there anything out there that is already written and available? I have also seen talk about running BlackICE (http://www.netice.com/) to automatically block IPs that cause too many SMTP Errors. Does anybody have an opinion on if this is the best solution right now? As far as I know, BlackICE is the only software that may be able to accomplish this. We do have something we have been working on that will detect when the dictionary attacks occur and will automatically block the IPs, but it is not currently a high priority. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT - Listed on Spwes!
I've found out that our netblock (/24 bit net carved out of a Class B net) has been listed on Spews!. Not because of our doing but because it's part of a upper block of Worldcom. The 'evidence' pages show this coming from a completely different network. Does anyone have any experience with this and/or getting removed? Thanks! --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] HELOBOGUS
Should this not have triggered HELOBOGUS as it normally does? Craig. Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with ESMTP (SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400 Received: from host242-39.pool80205.interbusiness.it (host242-39.pool80205.interbusiness.it [80.205.39.242]) by name2.sunbeach.net (8.9.3/8.9.3) with SMTP id XAA05539 for [EMAIL PROTECTED]; Sat, 14 Sep 2002 23:47:45 -0400 From: [EMAIL PROTECTED] X-Authentication-Warning: name2.sunbeach.net: host242-39.pool80205.interbusiness.it [80.205.39.242] didn't use HELO protocol To: [EMAIL PROTECTED] Received: from sunbeach.net by 0721BV7Y63.sunbeach.net with SMTP for [EMAIL PROTECTED]; Sat, 14 Sep 2002 23:52:09 +0500 Message-Id: [EMAIL PROTECTED] Date: Sat, 14 Sep 2002 23:52:09 +0500 Subject: This will be the best email you ever read Reply-To: [EMAIL PROTECTED] X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Sender: [EMAIL PROTECTED] Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=iso-8859-1 X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?80.205.39.242 X-RBL-Warning: HEUR10: Heuristic spam detection level 10 [1.00] X-RBL-Warning: WEIGHT10: Weight of 11 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [80.205.39.242] X-Declude-Spoolname: D02c4148.SMD X-Spam-Tests-Failed: SPAMCOP, HEUR10, WEIGHT10 X-Note: Total spam weight of this E-mail is 11. X-RCPT-TO: [EMAIL PROTECTED] X-UIDL: 318915912 Status: U --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT - Listed on Spwes!
I've found out that our netblock (/24 bit net carved out of a Class B net) has been listed on Spews!. Not because of our doing but because it's part of a upper block of Worldcom. The 'evidence' pages show this coming from a completely different network. That's what SPEWS does. I haven't seen them block a Class B before, just Class Cs (where the spammer and the innocent victim each shared IPs on the same Class C). However, it is generally agreed that the SPEWS test should not be used as a spam test -- because of their approach, they list a lot of legitimate mailservers. Does anyone have any experience with this and/or getting removed? I haven't heard of anyone getting removed, but I believe there is some ritual you can perform by going onto a newsgroup somewhere and being extremely polite... but that could just be a rumor. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HELOBOGUS
Should this not have triggered HELOBOGUS as it normally does? Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with ESMTP (SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400 name2.sunbeach.net does have an A record, so it should not trigger the HELOBOGUS test. Received: from host242-39.pool80205.interbusiness.it (host242-39.pool80205.interbusiness.it [80.205.39.242]) by name2.sunbeach.net (8.9.3/8.9.3) with SMTP id XAA05539 for [EMAIL PROTECTED]; Sat, 14 Sep 2002 23:47:45 -0400 and host242-39.pool80205.interbusiness.it has an A record, as well. X-Spam-Tests-Failed: SPAMCOP, HEUR10, WEIGHT10 So it looks like the test did work properly. The hostname doesn't need to have an MX record, just an A record is fine. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HELOBOGUS
I spoke in haste, that all makes sense. I am having a tough time with spammers using the mailfrom or return address of the recipient and a wetware problem on the customer end. Is there any way I can stop this? I know, it seems like a catch 22. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, September 17, 2002 8:39 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HELOBOGUS Should this not have triggered HELOBOGUS as it normally does? Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with ESMTP (SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400 name2.sunbeach.net does have an A record, so it should not trigger the HELOBOGUS test. Received: from host242-39.pool80205.interbusiness.it (host242-39.pool80205.interbusiness.it [80.205.39.242]) by name2.sunbeach.net (8.9.3/8.9.3) with SMTP id XAA05539 for [EMAIL PROTECTED]; Sat, 14 Sep 2002 23:47:45 -0400 and host242-39.pool80205.interbusiness.it has an A record, as well. X-Spam-Tests-Failed: SPAMCOP, HEUR10, WEIGHT10 So it looks like the test did work properly. The hostname doesn't need to have an MX record, just an A record is fine. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
Sorry, just getting around to reading my 700 or so unread messages. Anyone notice Hotmail put in a few new options a while ago and enabled them for everyone? Click on the options link and choose Personal Profile and scoll to the bottom. You will notice that the two options to 1) Share my email address and 2) Share my other registration information are checked. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Sent: Monday, September 16, 2002 5:21 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail By OREN ETZIONI of the NY TIMES --- A few days ago I created a new e-mail account, and within 24 hours I had received over 25 unsolicited commercial e-mail messages, otherwise known as spam. Even though I'm a professor of computer science, I, like so many others, have failed to protect myself from this daily nuisance. So I welcome t --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
Gosh I'd like to know how he made that account and got it spammed so quickly. That knowledge would be quite a tool. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Tom | Sent: Monday, September 16, 2002 5:21 PM | To: [EMAIL PROTECTED] | Subject: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail | | | By OREN ETZIONI of the NY TIMES | --- | | A few days ago I created a new e-mail account, and within 24 | hours I had received over 25 unsolicited commercial e-mail | messages, otherwise known as spam. Even though I'm a --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
Gosh I'd like to know how he made that account and got it spammed so quickly. That knowledge would be quite a tool. By this: | A few days ago I created a new e-mail account, and within 24 | hours I had received over 25 unsolicited commercial e-mail | messages, otherwise known as spam. He means A few days ago I created an account on Hotmail that had once existed, but since I just created it, it's a new E-mail account. Unless he was extremely active in trying to receive spam, I can't think of any other way that it could have happened. Or, he may have used his poetic license to count the number of spams he received. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] dictionary attacks
Bill, Monday, September 16, 2002 you wrote: BB I have seen talk on the Imail Forum about people attempting to BB script something to combat Dictionary Attacks by blocking IPs that BB send over too many RCPT TO commands that result in ERR invalid BB user. I wrote such a program that is currently in use on my servers. It tails the IMAIL log file and checks for SMTPD ERR lines with invalid user, etc, and records each entry with the associated IP. Once a trigger count has been exceeded the program adds the IP to the SMTPD32.ACC file and toggles the service. Certain IP's have to be excluded however such as any backup mail servers, client servers, internal networks, and so on. It is actually thrilling to watch a client blacklist themselves though. It is amazing to me that someone can generate so many errors trying to hit the same wrong e-mail address. There are a number of significant problems with this approach not the least of which is the secondary servers. The attack on the primary stops of course when the service is stopped but most attackers simply move to one of the secondaries and soon the secondary is sending the same RCPT TO commands. So you have to do something different at the secondary and you cannot block it for obvious reasons. At the secondary itself even if it is running IMAIL you cannot use the same program to stop this attack on the primary because the attack is of course going in the opposite direction. So you have make some modifications. And we have have very few attacks that the attacker does not switch to one of the secondary servers. In addition the log file is apparently not flushed on each write by IMAIL so it is not really possible to stop every attack at just the trigger point. The most that have gotten by my program is about 15 and that does seem close enough to me. There are problems also with different IMAIL log file systems, different domains to be included and excluded, IP ranges that should be included and excluded, and a number of other issues as well as a variety of reporting and management options. Eventually the acc file should be listed, sorted by ip, and then recreated so that the ip's are added in proper net blocks as I'm convinced that improves efficiency dramatically. BB Or is there anything out there that is already written and BB available? I did not find anything and it took we a while to get my program running. I'm running a modified program on the secondary that allows me to control there as well but that does not work of course in the case of a non IMAIL secondary. I am about 90% complete with converting the program to a service, adding a config file for options, and so on. But haven't decided whether I'll complete it or not - and that's just for my own use. In my opinion to make it distributable to a general population would require considerable additional expenditure of resources for an end result that is at best tenuous and subject to sudden incompatibility. Also, I can imagine feature requests and maintenance being formidable issues. I think this really should be done by IMAIL inside the smtp dialogue but even then I am unclear on what to do with the secondary servers except white list them of course. BB I have also seen talk about running BlackICE BB (http://www.netice.com/) to automatically block IPs that cause too BB many SMTP Errors. Does anybody have an opinion on if this is the BB best solution right now? Roger Heath reported that he had enjoyed good success with this approach using the Black Ice Server version. I tried repeatedly over probably a dozen or more e-mail messages to get a demo of the server version but ISS, the owner of BlackICE, insisted that I had to use a much more expensive product. As far as I could find there was no demo product available for the BlackICE server product. I finally gave up the battle so I never tested the approach. I guess the best thing to do would be to pay the $300 for the server product and see if it works the way you want. If not then you're just out $300. There again though I think you'd have to while list the secondary servers. You might want to consider doing what I did initially when I began investigating this whole issue: You can find a program provided to the IMAIL community by Mike Lewinski called errors.cgi at http://www.rockynet.com/imail/ that will allow you to look for SMTPD errors in your log files. That will tell you any IP you need to block. Then you can use the IMAIL services web interface now (the usual 8181 interface) to add an IP to your ACC file and you can also toggle the SMTP service from that interface. So it is a kind of manual way of doing what I'm doing programmatically. Terry
RE: [Declude.JunkMail] HELOBOGUS
I spoke in haste, that all makes sense. I am having a tough time with spammers using the mailfrom or return address of the recipient and a wetware problem on the customer end. Is there any way I can stop this? I know, it seems like a catch 22. Unfortunately, there isn't any easy way to stop the E-mail that has the same return address as the recipient's address -- the problem is that quite a few people Cc: themselves on all E-mail, as well as send themselves test messages. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT - Listed on Spwes!
I agree SPEWS is very aggressive when it comes to blocking. SPEWS likes to block adjacent netblocks in order to get legitimate customers to pressure the ISP. To get removed from the SPEWS list it takes practically an act of God to get something removed. They say for you to post to the NANAE newsgroup, but nothing usually ever comes out of that. The moral of this story is the only option you have is to force your ISP to issue you a new set of public IP's And when Scott says you need to be extremely polite that is an understatement. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, September 17, 2002 8:35 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT - Listed on Spwes! I've found out that our netblock (/24 bit net carved out of a Class B net) has been listed on Spews!. Not because of our doing but because it's part of a upper block of Worldcom. The 'evidence' pages show this coming from a completely different network. That's what SPEWS does. I haven't seen them block a Class B before, just Class Cs (where the spammer and the innocent victim each shared IPs on the same Class C). However, it is generally agreed that the SPEWS test should not be used as a spam test -- because of their approach, they list a lot of legitimate mailservers. Does anyone have any experience with this and/or getting removed? I haven't heard of anyone getting removed, but I believe there is some ritual you can perform by going onto a newsgroup somewhere and being extremely polite... but that could just be a rumor. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HELOBOGUS
I spoke in haste, that all makes sense. I am having a tough time with spammers using the mailfrom or return address of the recipient and a wetware problem on the customer end. Is there any way I can stop this? I know, it seems like a catch 22. Unfortunately, there isn't any easy way to stop the E-mail that has the same return address as the recipient's address -- the problem is that quite a few people Cc: themselves on all E-mail, as well as send themselves test messages. -Scott Scott, I would believe that there has to be a way to look at the return address and the recipient's address. If they match then compare the senders IP address to a list of my net block if it matches then it is assumed to be from a local user therefore it would pass the test and be sent. If it does not match then it is from the internet and therefore Spam and fails the test. Just an idea on how I think it may work. Lenny Bauman --- [This E-mail scanned for viruses by LRBCG.COM, Inc.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Toms Kill List
Morning everyone, Because all is going so well, I decided I'd screw with things a bit more :) I have just downloaded Tom's Image FX kill list and I'm looking through it. What I don't understand is, what is the difference between these 2 entries: @example.com and .example.com (obviously the difference is the @ and the ., but what exactly does this mean?) Thanks in advance, Sharyn PS: Scott, love the addition of the whitelist line in the logs! We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships, and the artisan tequilas of Porfidio 100% Agave Tequilas, judged Best Tequila four years running by the Wine Enthusiast magazine. For more information, please click (go to) htmla href=http://www.cruzanrums.com;http:///aa href=http://www.cruzanrums;www.cruzanrums.com/a/html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] dictionary attacks
Thanks Terry Scott, I think I'll give BlackICE a try. I will let you all know what I think about it. Anything that does application-level SMTP firewalling should work. I wish there was simpler a product that I could just run to listen to port 25, filter out the bad stuff, and pipe the good stuff to Imail through an alternate SMTP port. Bill -Original Message- From: Smart Business Lists Sent: Tue, 17 Sep 2002 08:47:46 -0500 Subject: Re: [Declude.JunkMail] dictionary attacks Bill, Monday, September 16, 2002 you wrote: BB I have seen talk on the Imail Forum about people attempting to BB script something to combat Dictionary Attacks by blocking IPs that BB send over too many RCPT TO commands that result in ERR invalid BB user. I wrote such a program that is currently in use on my servers. It tails the IMAIL log file and checks for SMTPD ERR lines with invalid user, etc, and records each entry with the associated IP. Once a trigger count has been exceeded the program adds the IP to the SMTPD32.ACC file and toggles the service. Certain IP's have to be excluded however such as any backup mail servers, client servers, internal networks, and so on. It is actually thrilling to watch a client blacklist themselves though. It is amazing to me that someone can generate so many errors trying to hit the same wrong e-mail address. There are a number of significant problems with this approach not the least of which is the secondary servers. The attack on the primary stops of course when the service is stopped but most attackers simply move to one of the secondaries and soon the secondary is sending the same RCPT TO commands. So you have to do something different at the secondary and you cannot block it for obvious reasons. At the secondary itself even if it is running IMAIL you cannot use the same program to stop this attack on the primary because the attack is of course going in the opposite direction. So you have make some modifications. And we have have very few attacks that the attacker does not switch to one of the secondary servers. In addition the log file is apparently not flushed on each write by IMAIL so it is not really possible to stop every attack at just the trigger point. The most that have gotten by my program is about 15 and that does seem close enough to me. There are problems also with different IMAIL log file systems, different domains to be included and excluded, IP ranges that should be included and excluded, and a number of other issues as well as a variety of reporting and management options. Eventually the acc file should be listed, sorted by ip, and then recreated so that the ip's are added in proper net blocks as I'm convinced that improves efficiency dramatically. BB Or is there anything out there that is already written and BB available? I did not find anything and it took we a while to get my program running. I'm running a modified program on the secondary that allows me to control there as well but that does not work of course in the case of a non IMAIL secondary. I am about 90% complete with converting the program to a service, adding a config file for options, and so on. But haven't decided whether I'll complete it or not - and that's just for my own use. In my opinion to make it distributable to a general population would require considerable additional expenditure of resources for an end result that is at best tenuous and subject to sudden incompatibility. Also, I can imagine feature requests and maintenance being formidable issues. I think this really should be done by IMAIL inside the smtp dialogue but even then I am unclear on what to do with the secondary servers except white list them of course. BB I have also seen talk about running BlackICE BB (http://www.netice.com/) to automatically block IPs that cause too BB many SMTP Errors. Does anybody have an opinion on if this is the BB best solution right now? Roger Heath reported that he had enjoyed good success with this approach using the Black Ice Server version. I tried repeatedly over probably a dozen or more e-mail messages to get a demo of the server version but ISS, the owner of BlackICE, insisted that I had to use a much more expensive product. As far as I could find there was no demo product available for the BlackICE server product. I finally gave up the battle so I never tested the approach. I guess the best thing to do would be to pay the $300 for the server product and see if it works the way you want. If not then you're just out $300. There again though I think you'd have to while list the secondary servers. You might want to consider doing what I did initially when I began investigating this whole issue: You can find a
RE: [Declude.JunkMail] OT - Listed on Spwes!
Unfortunately, SPEWS is part of the OS* tests - I have found them rather GOOD. But spews certainly is a BIG down factor for the OSIRUSOFT lists. Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HELOBOGUS
Unfortunately, there isn't any easy way to stop the E-mail that has the same return address as the recipient's address ... I would believe that there has to be a way to look at the return address and the recipient's address. Yes, that part is easy. :) If they match then compare the senders IP address to a list of my net block if it matches then it is assumed to be from a local user therefore it would pass the test and be sent. If it does not match then it is from the internet and therefore Spam and fails the test. Just an idea on how I think it may work. The problems here are that you have to enter your IP ranges (so the test wouldn't work automatically), and that some people will send mail from the Internet (especially in the case of sending test messages). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Toms Kill List
What I don't understand is, what is the difference between these 2 entries: @example.com and .example.com (obviously the difference is the @ and the ., but what exactly does this mean?) The blacklisting works on a partial match. So if you have @example.com, it would catch [EMAIL PROTECTED] but not [EMAIL PROTECTED] (since [EMAIL PROTECTED] doesn't contain @example.com in it). On the other hand, .example.com won't match [EMAIL PROTECTED], but it will match [EMAIL PROTECTED]. Depending on the spammer, one or both methods may be needed to block their mail. An alternative would be to use just example.com, but that will catch any E-mail address with example.com in it ([EMAIL PROTECTED], [EMAIL PROTECTED], etc.). The Big Mistake is when people blacklist mail.com, which ends up blocking all E-mail from hotmail.com. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HELOBOGUS
It might be a good test to put into the weights. Another one would be a test that looks that the sender's (from their address) and fails if the first MX doesn't match up. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Tuesday, September 17, 2002 10:00 AM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] HELOBOGUS | | | | I spoke in haste, that all makes sense. I am having a tough | time with | spammers using the mailfrom or return address of the recipient and a | wetware problem on the customer end. Is there any way I can | stop this? | I know, it seems like a catch 22. | | Unfortunately, there isn't any easy way to stop the E-mail | that has the | same return address as the recipient's address -- the problem | is that quite | a few people Cc: themselves on all E-mail, as well as send | themselves test | messages. | -Scott | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Toms Kill List
The preceeding @ ensures that the match is an email with the example domain. The preceeding . ensures that the match is the domain used in a host link like www.example.com and so forth. Without these preceeding characters the following might also match incorrectly... legitimatexample.com Using the preceeding characters prevents this. HTH _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of | Sharyn Schmidt | Sent: Tuesday, September 17, 2002 10:24 AM | To: Declude Junkmail List | Subject: [Declude.JunkMail] Toms Kill List | | | Morning everyone, | | Because all is going so well, I decided I'd screw with things | a bit more | :) | | I have just downloaded Tom's Image FX kill list and I'm | looking through it. | | What I don't understand is, what is the difference between these 2 | entries: | | @example.com and .example.com | | (obviously the difference is the @ and the ., but what | exactly does this mean?) | | Thanks in advance, | Sharyn | | PS: Scott, love the addition of the whitelist line in the logs! | | | We are the worldwide producer and marketer of the award | winning Cruzan Single Barrel Rum, judged Best in the World | at the annual San Francisco Wine and Spirits Championships, | and the artisan tequilas of Porfidio 100% Agave Tequilas, | judged Best Tequila four years running by the Wine | Enthusiast magazine. For more information, please click (go | to) htmla href=http://www.cruzanrums.com;http:///aa | href=http://www.cruzanrums;www.cruzanrums.com/a/html | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
I always figured since my hotmail profile says I'm male and over 21 that's why it gets about 160 spam mails (that don't fail their spam filters) per week. Don't they do the same thing Juno mail does and pay for the service by selling the address to 'Advertising Partners'? My 17 year old sister in law get no adult spam to her hotmail address at all, and 99% of mine is, that says target marketing to me. I only have the address as a remote test account, to validate mail routing to my domain hosting customers, and rarely even then. If it were not a free mail account then I would say it would be a lot of work to get it listed, but I know there are only two ways to pay for a service, you pay or the advertisers pay. Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, September 17, 2002 8:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail Gosh I'd like to know how he made that account and got it spammed so quickly. That knowledge would be quite a tool. By this: | A few days ago I created a new e-mail account, and within 24 | hours I had received over 25 unsolicited commercial e-mail | messages, otherwise known as spam. He means A few days ago I created an account on Hotmail that had once existed, but since I just created it, it's a new E-mail account. Unless he was extremely active in trying to receive spam, I can't think of any other way that it could have happened. Or, he may have used his poetic license to count the number of spams he received. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filtering Foreign Domains
Is there a way to set declude up to filter all forein domains to be looked at before delivery. Also, last week I set up an Imail rule to filter c*u*m in the subject but it seems it stopped everything...is a * bad new in Imail rules.. At your service, Richard Farris [EMAIL PROTECTED] 1.800.548.3877 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 08/02/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
I guess that makes sense. We've got a few accounts like that out there - we set them up, forward them into our system for evaluation, and never use them for anything else... but there's a definite 'color' to the content - meaning the spam we get there is skewed to a specifi strange attractor - all based on the marketing. I'm working on formulating a methodology for setting up spamtraps and tuning them for specific kinds of spam - without opening them to any legitimate email. It's harder than it looks, and takes a lot of time - there's just no rushing it... so far anyway. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of | Charles Frolick | Sent: Tuesday, September 17, 2002 11:01 AM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail | | | I always figured since my hotmail profile says I'm male and | over 21 that's why it gets about 160 spam mails (that don't | fail their spam filters) per week. Don't they do the same | thing Juno mail does and pay for the service by selling the | address to 'Advertising Partners'? My 17 year old sister in | law get no adult spam to her hotmail address at all, and 99% | of mine is, that says target marketing to me. I only have | the address as a remote test account, to validate mail | routing to my domain hosting customers, and rarely even then. | If it were not a free mail account then I would say it would | be a lot of work to get it listed, but I know there are only | two ways to pay for a service, you pay or the advertisers pay. | | Chuck Frolick | ArgoNet, Inc. | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry | Sent: Tuesday, September 17, 2002 8:38 AM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail | | | | Gosh I'd like to know how he made that account and got it spammed so | quickly. That knowledge would be quite a tool. | | By this: | | | A few days ago I created a new e-mail account, and within | 24 hours I | | had received over 25 unsolicited commercial e-mail messages, | | otherwise known as spam. | | He means A few days ago I created an account on Hotmail that | had once existed, but since I just created it, it's a new | E-mail account. | | Unless he was extremely active in trying to receive spam, I | can't think of any other way that it could have happened. | Or, he may have used his poetic license to count the number | of spams he received. | -Scott | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering Foreign Domains
Is there a way to set declude up to filter all forein domains to be looked at before delivery. I'm not quite sure what you mean by this? Are you referring to foreign domains as in ccTLDs ([EMAIL PROTECTED])? Where the IP address is from another country? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
I always thought it would make a lot of sense to have an Internal SpamCop address. An address that we can use in Declude so any e-mail that is sent to that address is automatically added to a blacklist address for background deletion. If such addresses is then easily advertised on a couple of sites that are willing to give you a million dollars or add to your anatomical parts then effectively we can have a preemptive notice easily. Since the address is not used elsewhere there is no way a legitimate email comes to it. This can be a very fast and almost no CPU processing system be called SPAMTrap Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Madscientist Sent: Tuesday, September 17, 2002 11:10 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail I guess that makes sense. We've got a few accounts like that out there - we set them up, forward them into our system for evaluation, and never use them for anything else... but there's a definite 'color' to the content - meaning the spam we get there is skewed to a specifi strange attractor - all based on the marketing. I'm working on formulating a methodology for setting up spamtraps and tuning them for specific kinds of spam - without opening them to any legitimate email. It's harder than it looks, and takes a lot of time - there's just no rushing it... so far anyway. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
An address that we can use in Declude so any e-mail that is sent to that address is automatically added to a blacklist address for background deletion. This is something that we have been considering. A couple of thoughts, though: [1] What do you blacklist? I think that only the IP address of the sender could be safely blacklisted. [2] What happens if someone finds the address and uses it maliciously? [3] The spammer may have already sent a lot of spam before they send to this address. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
The problem with this is that once you subscribe it to anything you've muddied the waters a bit about whether content to that address is spam or not. If your specific use is such that you don't discriminate then you've got a reasonable solution... but for truly pure spam, you need to find ways for the spammers to pick you up - in their typical ways - but without your prompting. That takes time and effort - and occasionally luck. The luckiest you can get is for a dictionary search to hit your spam trap and pump it into one of the millions CDs... Once that happens a few times you'll start getting good traffic that was truly never solicited. Another lucky method is to have the address picked off of a web page when some spammer is trolling... _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan | Sent: Tuesday, September 17, 2002 11:30 AM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail | | | I always thought it would make a lot of sense to have an | Internal SpamCop address. | | An address that we can use in Declude so any e-mail that is | sent to that address is automatically added to a blacklist | address for background deletion. | | If such addresses is then easily advertised on a couple of | sites that are willing to give you a million dollars or add | to your anatomical parts then effectively we can have a | preemptive notice easily. Since the address is not used | elsewhere there is no way a legitimate email comes to it. | | This can be a very fast and almost no CPU processing system | be called SPAMTrap | | Regards, | Kami | | | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Madscientist | Sent: Tuesday, September 17, 2002 11:10 AM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail | | | I guess that makes sense. | We've got a few accounts like that out there - we set them | up, forward them into our system for evaluation, and never | use them for anything else... but there's a definite 'color' | to the content - meaning the spam we get there is skewed to a | specifi strange attractor - all based on the marketing. | | I'm working on formulating a methodology for setting up | spamtraps and tuning them for specific kinds of spam - | without opening them to any legitimate email. It's harder | than it looks, and takes a lot of time - there's just no | rushing it... so far anyway. | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] failed tests
Greetings, I am sending a message that failed the BADHEADERS and SPAMHEADERS tests. The error code says that I have a bogus date. This message is the result of sending a form (from inside our network) to a http server that processes the form and sends a thank you. Could someone, please, explain why the form (cgi script) could have failed both tests?? Thanks for your help. Jim Received: from localhost [10.140.8.11] by mcgraw.elmira.edu (SMTPD32-7.05) id AC1D1E4B0140; Tue, 17 Sep 2002 11:37:01 -0400 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: InterLibrary Loan article request form Reply-To: [EMAIL PROTECTED] X-Mailer: Form2Mail v1.4 by Liquid Silver Below is the result of your email form. Submitted by [EMAIL PROTECTED] Message-Id: 200209171137957.SM00665@localhost X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c020022c]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c020022c]. X-RBL-Warning: WEIGHT10: Weight of 11 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [10.140.8.11] X-Declude-Spoolname: D4c1d140.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, SPAMHEADERS, WEIGHT10 Date: Tue, 17 Sep 2002 11:37:07 -0400 X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 311794492 James Colunio Network/System Administrator Elmira College Elmira, NY 14901 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] failed tests
I am sending a message that failed the BADHEADERS and SPAMHEADERS tests. The error code says that I have a bogus date. That is correct -- it's easier to see the problem when you see only the headers that were sent to IMail: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: InterLibrary Loan article request form Reply-To: [EMAIL PROTECTED] X-Mailer: Form2Mail v1.4 by Liquid Silver Below is the result of your email form. Submitted by [EMAIL PROTECTED] Note that there are several problems -- first, you don't have any Date: header. The second problem is that you have invalid headers (the last two lines look like they should be in the body of the E-mail). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
Craig, I have two paid hotmail accounts. The one for my 5-year old daughter (it's really a test account for spam-filtering) did not get checked. My other account for Elmer Fudd strangely had a birthyear of 1900 and they were checked. I thought that when I set these up I said no sharing. Does anyone know how old these boxes are? You all might enjoy playing our new anti-s*pam game (see sig). Just launced today. Alexis --- Alexis D. Gutzman, Managing Editor, Reports MarketingSherpa's Knowledge Store http://torturegame4.emailsherpa.com = Play Torture a S^pammer online game - Original Message - From: Craig Gittens [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 8:59 AM Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail Sorry, just getting around to reading my 700 or so unread messages. Anyone notice Hotmail put in a few new options a while ago and enabled them for everyone? Click on the options link and choose Personal Profile and scoll to the bottom. You will notice that the two options to 1) Share my email address and 2) Share my other registration information are checked. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Sent: Monday, September 16, 2002 5:21 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail By OREN ETZIONI of the NY TIMES --- A few days ago I created a new e-mail account, and within 24 hours I had received over 25 unsolicited commercial e-mail messages, otherwise known as spam. Even though I'm a professor of computer science, I, like so many others, have failed to protect myself from this daily nuisance. So I welcome t --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Feature request: 'count' test.
I'm tweaking my mail setup, and am noticing that some mails are passing thru that fail up to four lightly-weighted tests. The tests were lightly weighted for good reason, but if I wind up getting mail that fails a LOT of tests, even the lightweights, I'd like to fail the msg. Cheers, --Matt Robertson-- MSB Designs, Inc. http://mysecretbase.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
This game subverted the entire office. ;-) _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of | Alexis D. Gutzman | Sent: Tuesday, September 17, 2002 11:48 AM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail | | | Craig, | | I have two paid hotmail accounts. The one for my 5-year old | daughter (it's really a test account for spam-filtering) did | not get checked. My other account for Elmer Fudd strangely | had a birthyear of 1900 and they were checked. | | I thought that when I set these up I said no sharing. Does | anyone know how old these boxes are? | | You all might enjoy playing our new anti-s*pam game (see | sig). Just launced today. | | Alexis | --- | Alexis D. Gutzman, Managing Editor, Reports | MarketingSherpa's Knowledge Store | http://torturegame4.emailsherpa.com = Play Torture a | S^pammer online game | | - Original Message - | From: Craig Gittens [EMAIL PROTECTED] | To: [EMAIL PROTECTED] | Sent: Tuesday, September 17, 2002 8:59 AM | Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail | | | Sorry, just getting around to reading my 700 or so unread messages. | Anyone notice Hotmail put in a few new options a while ago | and enabled | them for everyone? Click on the options link and choose Personal | Profile and scoll | to | the bottom. You will notice that the two options to 1) | Share my email | address and 2) Share my other registration information are checked. | | Craig. | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]]On Behalf Of Tom | Sent: Monday, September 16, 2002 5:21 PM | To: [EMAIL PROTECTED] | Subject: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail | | | By OREN ETZIONI of the NY TIMES | --- | | A few days ago I created a new e-mail account, and within | 24 hours I | had received over 25 unsolicited commercial e-mail | messages, otherwise | known | as | spam. Even though I'm a professor of computer science, I, | like so many | others, have failed to protect myself from this daily nuisance. So I | welcome | t | | --- | [This E-mail was scanned for viruses by Declude Virus | (http://www.declude.com)] | | --- | This E-mail came from the Declude.JunkMail mailing list. To | unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type | unsubscribe Declude.JunkMail. The archives can be found at | http://www.mail-archive.com. | | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
Some thoughts ... What I have seen happening to us.. [1] What do you blacklist? I think that only the IP address of the sender could be safely blacklisted. --- If I do IP then it has to be a temp file so lets say for 24 hours that IP can not send email. Because we sure don't want to blacklist a temporary open relay. These folks do not send email using their servers but they always use open relays. Also majority of times [2] What happens if someone finds the address and uses it maliciously? --- how? I don't understand how an email can be used maliciously... They can only send email to it and to an address where they have no business of sending. [3] The spammer may have already sent a lot of spam before they send to this address. --- TRUE but a great chance also exists that it is the beginning of the list or the middle. What I see in the addresses that are sent they typically are alphabetically sorted. So may be an address like AADoe@... Would put it on top of the list. But regardless it is a first attempt. If nothing is gained, I feel nothing is lost either but if it is used in their SPAM list then we have gained a lot. I just can't see us losing anything. In the game of Pros Cons our loss is a lot less than our potential gain. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, September 17, 2002 11:45 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail An address that we can use in Declude so any e-mail that is sent to that address is automatically added to a blacklist address for background deletion. This is something that we have been considering. A couple of thoughts, though: [1] What do you blacklist? I think that only the IP address of the sender could be safely blacklisted. [2] What happens if someone finds the address and uses it maliciously? [3] The spammer may have already sent a lot of spam before they send to this address. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
roflmao.. Lovely I love it!! Tuesday, September 17, 2002, 10:47:34 AM, you wrote: ADG Craig, ADG I have two paid hotmail accounts. The one for my 5-year old daughter (it's ADG really a test account for spam-filtering) did not get checked. My other ADG account for Elmer Fudd strangely had a birthyear of 1900 and they were ADG checked. ADG I thought that when I set these up I said no sharing. Does anyone know how ADG old these boxes are? ADG You all might enjoy playing our new anti-s*pam game (see sig). Just launced ADG today. ADG Alexis ADG --- ADG Alexis D. Gutzman, Managing Editor, Reports ADG MarketingSherpa's Knowledge Store ADG http://torturegame4.emailsherpa.com = Play Torture a S^pammer online game ADG - Original Message - ADG From: Craig Gittens [EMAIL PROTECTED] ADG To: [EMAIL PROTECTED] ADG Sent: Tuesday, September 17, 2002 8:59 AM ADG Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail Sorry, just getting around to reading my 700 or so unread messages. Anyone notice Hotmail put in a few new options a while ago and enabled them for everyone? Click on the options link and choose Personal Profile and scoll ADG to the bottom. You will notice that the two options to 1) Share my email address and 2) Share my other registration information are checked. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Sent: Monday, September 16, 2002 5:21 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail By OREN ETZIONI of the NY TIMES --- A few days ago I created a new e-mail account, and within 24 hours I had received over 25 unsolicited commercial e-mail messages, otherwise known ADG as spam. Even though I'm a professor of computer science, I, like so many others, have failed to protect myself from this daily nuisance. So I ADG welcome t --- [This E-mail was scanned for viruses by Declude Virus ADG (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ADG --- ADG [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] ADG --- ADG This E-mail came from the Declude.JunkMail mailing list. To ADG unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ADG type unsubscribe Declude.JunkMail. The archives can be found ADG at http://www.mail-archive.com. ADG --- ADG [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
Dear Kami, Tuesday, September 17, 2002, 11:36:09 AM, you wrote: KR Some thoughts ... What I have seen happening to us.. KR [1] What do you blacklist? I think that only the IP address of the KR sender could be safely blacklisted. KR --- If I do IP then it has to be a temp file so lets say for 24 hours KR that IP can not send email. Because we sure don't want to blacklist a KR temporary open relay. These folks do not send email using their servers KR but they always use open relays. Also majority of times That is a sound approach. KR [2] What happens if someone finds the address and uses it maliciously? KR --- how? I don't understand how an email can be used maliciously... KR They can only send email to it and to an address where they have no KR business of sending. If you block based on email then your bound to even if you only do 24 hour blocks block hotmail, yahoo, netscape and eudoramail constantly because a lot of spammers spoof those addresses. So not a sound approach there. KR [3] The spammer may have already sent a lot of spam before they send to KR this address. KR --- TRUE but a great chance also exists that it is the beginning of the KR list or the middle. What I see in the addresses that are sent they KR typically are alphabetically sorted. So may be an address like KR AADoe@... Would put it on top of the list. But regardless it is a first KR attempt. If nothing is gained, I feel nothing is lost either but if it KR is used in their SPAM list then we have gained a lot. I just can't see KR us losing anything. In the game of Pros Cons our loss is a lot less KR than our potential gain. Yes you would have to make sure it's among the first possible hits. / Eje KR -Original Message- KR From: [EMAIL PROTECTED] KR [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry KR Sent: Tuesday, September 17, 2002 11:45 AM KR To: [EMAIL PROTECTED] KR Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail An address that we can use in Declude so any e-mail that is sent to that address is automatically added to a blacklist address for background deletion. KR This is something that we have been considering. KR A couple of thoughts, though: KR [1] What do you blacklist? I think that only the IP address of the KR sender KR could be safely blacklisted. KR [2] What happens if someone finds the address and uses it maliciously? KR [3] The spammer may have already sent a lot of spam before they send to KR this address. KR -Scott KR --- KR [This E-mail was scanned for viruses by Declude Virus KR (http://www.declude.com)] KR --- KR This E-mail came from the Declude.JunkMail mailing list. To KR unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type KR unsubscribe Declude.JunkMail. The archives can be found at KR http://www.mail-archive.com. KR --- KR [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] KR --- KR This E-mail came from the Declude.JunkMail mailing list. To KR unsubscribe, just send an E-mail to [EMAIL PROTECTED], and KR type unsubscribe Declude.JunkMail. The archives can be found KR at http://www.mail-archive.com. KR --- KR [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT - Listed on Spwes!
SPEWS did the same thing to us. Blocked our entire C and incorrectly listed it as a UUNet dial-up. Forget about getting de-listed with them, won't happen. Their draconian tactics give anti-spammers a bad name. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Querying DNS MX records?
Are DNS MX records queryable? Could I query one and get a list of valid email addresses on that server? Is there a version that might be? A bug? An pre-patched version? A as-installed implementation that would have this as a possible result? Have you ever seen this work? No, I don't want to do it; I'm just trying to get to the bottom of something. (Really, I just wrote a book about security -- I'm a good guy -- see sig.) Thanks. Alexis --- Alexis D. Gutzman, Managing Editor, Reports MarketingSherpa's Knowledge Store Author, _Unforeseen Circumstances: Strategies and Technologies for Protecting Your Business and Your People in a Less Secure World_ (April 2002, AMACOM Press) http://torturegame4.emailsherpa.com = Play Torture a S^pammer online game --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering Foreign Domains
I mean ANYTHING with a .au or .ru or .de extensionwhat I have seen most of it is spam.. At your service, Richard Farris [EMAIL PROTECTED] 1.800.548.3877 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 10:22 AM Subject: Re: [Declude.JunkMail] Filtering Foreign Domains Is there a way to set declude up to filter all forein domains to be looked at before delivery. I'm not quite sure what you mean by this? Are you referring to foreign domains as in ccTLDs ([EMAIL PROTECTED])? Where the IP address is from another country? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 08/02/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Querying DNS MX records?
Are DNS MX records queryable? Yes. Could I query one and get a list of valid email addresses on that server? No. A DNS MX query will list the mailservers for a domain, not the users on it. Is there a version that might be? A bug? An pre-patched version? A as-installed implementation that would have this as a possible result? Have you ever seen this work? DNS will never, ever return an E-mail address (well, with one exception -- SOA record include a return address in a modified format). But they will never return a list of users on your server. The only location where that information is kept is the mailserver itself. There is not even an SMTP command that will list the users on a mailserver (the VRFY command can be used to verify a known address, and there is a command to show the users on a mailing list, but nothing to return all valid accounts). No, I don't want to do it; I'm just trying to get to the bottom of something. (Really, I just wrote a book about security -- I'm a good guy -- see sig.) If someone got addresses from a mailserver of yours, and you check the log files, you'll probably see that you were the victim of a dictionary attack -- someone pretending to send mail to thousands and thousands of accounts on your server, to see which ones are valid. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering Foreign Domains
I mean ANYTHING with a .au or .ru or .de extensionwhat I have seen most of it is spam.. We might consider adding that as a new test. Of course, there are likely millions of people with ccTLD return addresses, so it would have to be used very carefully if it was added. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering Foreign Domains
I block the following IP blocks for a customer of mine who only requires email from within the US. This list isnt exact but quite effective none the less. Have a great day! Rick Davidson Buckeye Internet Services www.buckeyeweb.com 440-953-1900 - 61.0.0.0/8 62.0.0.0/8 80.0.0.0/8 81.0.0.0/8 193.0.0.0/8 194.0.0.0/8 195.0.0.0/8 200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 211.0.0.0/8 212.0.0.0/8 213.0.0.0/8 217.0.0.0/8 218.0.0.0/8 219.0.0.0/8 220.0.0.0/8 - Original Message - From: Richard Farris [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 1:52 PM Subject: Re: [Declude.JunkMail] Filtering Foreign Domains I mean ANYTHING with a .au or .ru or .de extensionwhat I have seen most of it is spam.. At your service, Richard Farris [EMAIL PROTECTED] 1.800.548.3877 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 10:22 AM Subject: Re: [Declude.JunkMail] Filtering Foreign Domains Is there a way to set declude up to filter all forein domains to be looked at before delivery. I'm not quite sure what you mean by this? Are you referring to foreign domains as in ccTLDs ([EMAIL PROTECTED])? Where the IP address is from another country? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 08/02/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT - Listed on Spwes!
Tell me about it. They're suggestion: Well switch to a new ISP Ha! Right... And change a whole firewall, network, mail, routing, vpn, etc. configuration just because those jerks can't exclude a subnet. The problem isn't with the ISP. We haven't had a single outage in two years so I'm not going to change because SPEWS tells me to... Amazing... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Sullivan Sent: Tuesday, September 17, 2002 1:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT - Listed on Spwes! SPEWS did the same thing to us. Blocked our entire C and incorrectly listed it as a UUNet dial-up. Forget about getting de-listed with them, won't happen. Their draconian tactics give anti-spammers a bad name. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT - Listed on Spwes!
Well switch to a new ISP Ha! Right... And change a whole firewall, network, mail, routing, vpn, etc. configuration just because those jerks can't exclude a subnet. Not only that, but how are you going to know what IP addresses the new ISP will assign you until after you sign the contract, and that they are not listed? John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT - Listed on Spwes!
If you are a victim of a spews adjacency - depending on the ISP they may work with you to give you a clean netblock not in SPEWS. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Tuesday, September 17, 2002 2:54 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OT - Listed on Spwes! Well switch to a new ISP Ha! Right... And change a whole firewall, network, mail, routing, vpn, etc. configuration just because those jerks can't exclude a subnet. Not only that, but how are you going to know what IP addresses the new ISP will assign you until after you sign the contract, and that they are not listed? John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelist Request
Howdy Scott, Was wondering if you would consider creating a separate whitelist file for management purposes. Currently I have one customer with 4 Imail servers peered as a single domain across the country (US :-) I maintain master black lists and word filters on my workstation and use a batch file to FTP them to each server. Also, we are developing some web based management tools for Declude and would rather not have to programmaticly access the global.cfg file. Figured I would ask :-) Have a great day! Rick Davidson Buckeye Internet Services www.buckeyeweb.com 440-953-1900 - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist Request
Was wondering if you would consider creating a separate whitelist file for management purposes. This is actually something that we are working on and plan to add. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist Request
We would carry you around on our shoulders and cheer if you were here :-) Have a great day! Rick Davidson Buckeye Internet Services www.buckeyeweb.com 440-953-1900 - - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 5:28 PM Subject: Re: [Declude.JunkMail] Whitelist Request Was wondering if you would consider creating a separate whitelist file for management purposes. This is actually something that we are working on and plan to add. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist Request
Rick, I too am planning to advance Declude administration to my users via a web application. Although I saw no reason why I couldn't programmaticaly change the global.cfg and other files. Could I ask your reasoning? Also, to what level of modification do you anticipate. The numerous options that declude allows for will make 100% remote editing quite a challange. Thanks for your input. Bob Rick Davidson wrote: Howdy Scott, Was wondering if you would consider creating a separate whitelist file for management purposes. Currently I have one customer with 4 Imail servers peered as a single domain across the country (US :-) I maintain master black lists and word filters on my workstation and use a batch file to FTP them to each server. Also, we are developing some web based management tools for Declude and would rather not have to programmaticly access the global.cfg file. Figured I would ask :-) Have a great day! Rick Davidson Buckeye Internet Services www.buckeyeweb.com 440-953-1900 - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
Perhaps this list might be a way to set up test account exchanges?? David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Frolick Sent: Tuesday, September 17, 2002 10:01 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail I always figured since my hotmail profile says I'm male and over 21 that's why it gets about 160 spam mails (that don't fail their spam filters) per week. Don't they do the same thing Juno mail does and pay for the service by selling the address to 'Advertising Partners'? My 17 year old sister in law get no adult spam to her hotmail address at all, and 99% of mine is, that says target marketing to me. I only have the address as a remote test account, to validate mail routing to my domain hosting customers, and rarely even then. If it were not a free mail account then I would say it would be a lot of work to get it listed, but I know there are only two ways to pay for a service, you pay or the advertisers pay. Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, September 17, 2002 8:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail Gosh I'd like to know how he made that account and got it spammed so quickly. That knowledge would be quite a tool. By this: | A few days ago I created a new e-mail account, and within 24 | hours I had received over 25 unsolicited commercial e-mail | messages, otherwise known as spam. He means A few days ago I created an account on Hotmail that had once existed, but since I just created it, it's a new E-mail account. Unless he was extremely active in trying to receive spam, I can't think of any other way that it could have happened. Or, he may have used his poetic license to count the number of spams he received. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] List of mail services and alike
I have compiled the following list of ISP's/Mail/and Uncertain Services that have been common with spam, however, we use a weighing system with them instead of using delete or bounce. Feel free to use this list at your own risk. Regards, Tom Image`fx - @Aol.comAOL .Aol.comAOL @yahoo.com yahoo .yahoo.com yahoo @hotmail.comhotmail .hotmail.comhotmail @mail.com mail .mail.com mail @gateway.comgateway .gateway.comgateway @excite.com excite .excite.com excite @dbzmail.comdbzmail .dbzmail.comdbzmail @earthlink.com earthlink .earthlink.com erathlink @flashmail.com flashmail .flashmail.com flashmail @lycos.com lycos .lycos.com lycos @uol.comuol .uol.comuol @msn.commsn .msn.commsn @eudoramail.com eudoramail .eudoramail.com eudoramail @kimo.com kimo .kimo.com kimo @myrise.com myrise .myrise.com myrise @mysuper.commysuper .mysuper.commysuper @terra.es terra .terra.es terra @Erols.com erols .Erols.com erols .pacbell.compacbell @pacbell.compacbell .cs.com compuserve @cs.com compuserve .playitall.com playitall @.playitall.com playitall .virtualopolis.com virtualopolis @virtualopolis.com virtualopolis .swbell.net swbell @swbell.net swbell .pipex.com pipex @pipex.com pipex .nexitonline.comnexitonline @nexitonline.comnexitonline .data54.com data54 @data54.com data54 .cybermail.com cybermail @cybermail.com cybermail .twtelecom.net twarner @twtelecom.net twarner .icdcom.com icdcom @icdcom.com icdcom .seed.net.twseed @seed.net.twseed .wanadoo.es wanadoo @wanadoo.es wanadoo .egroups.comegroups @egroups.comegroups .blackbox.atblackboxat @blackbox.atblackboxat .concentric.net concentric @concentric.net concentric .xo.com xo @xo.com xo .emailaccount.com emailaccount @emailaccount.com emailaccount .annetsite.com annetsite @annetsite.com annetsite .baransite.net baransite @baransite.net baransite .sprintbbd.net sprintbbd @.sprintbbd.net sprintbbd .netscape.com netscape @netscape.com netscape .ovis.net ovis @ovis.net ovis .blomand.netblomand @blomand.netblomand .claranet.frclaranetFR @claranet.frclaranetFR .imail.ru imailru @imail.ru imailru .galactica.it galactica_it @galactica.it galactica_it .eunet.yu eunetyu @eunet.yu eunetyu .techrepublic techrepublic @techrepublic techrepublic .themail.comthemail @themail.comthemail .torpedomail.comtorpedomail @torpedomail.comtorpedomail .webmail.co.za webmail_coza @webmail.co.za webmail_coza .zapo.net zapo @zapo.net zapo .yahoo.co.ukyahoo_couk @yahoo.co.ukyahoo_couk .yahoo.co.kryahoo_cokr @yahoo.co.kryahoo_cokr .yahoo.es yahoo_es @yahoo.es yahoo_es .yahoo.de yahoo_de @yahoo.de yahoo_de .yahoo.ru yahoo_ru @yahoo.ru yahoo_ru .zonnet.nl zonnet_nl @zonnet.nl zonnet_nl .zzn.comznn @zzn.comznn .altavista.com altavista @altavista.com altavista .appsales.net appsales @appsales.net appsales .peoplepc.com peoplepc @peoplepc.com peoplepc .crownimperial.com crownimperial @crownimperial.com crownimperial .cute-girl.com cute-girl @cute-girl.com cute-girl .dcemail.comdcemail @dcemail.comdcemail .email.si email_si @email.si email_si .epatra.com epatra @epatra.com epatra .firemail.defiremail @firemail.defiremail .free.frfree_fr @free.frfree_fr .freejen.comfreejen @freejen.comfreejen .freeuk.com freeuk @freeuk.com freeuk .geocities.com geocities @geocities.com geocities .hotpop.com hotpop @hotpop.com
[Declude.JunkMail] Common items in Spam addresses
I have compiled yet another list of items commonly found in spam and mass marketing addresses. You can use this list of words at your own risk. I suggest you use it with a weight value and not something drastic like delete. Some of these words may also be commonly used for list services so make sure your weight value does not exceed your limit causing yahoo and bounce to be deleted. It should take more than 2 tests to fail in some cases. However, you are in control so make the best of it. Good Luck, Tom Image`fx - @BOUNCE BOUNCE1 .BOUNCE BOUNCE2 BOUNCE. BOUNCE3 BOUNCE@ BOUNCE4 -BOUNCE BOUNCE5 BOUNCE- BOUNCE6 -GENERICGENERIC1 GENERIC-GENERIC2 .GENERICGENERIC3 GENERIC.GENERIC4 @GENERICGENERIC5 GENERIC@GENERIC6 -RETURN RETURN1 RETURN- RETURN2 @RETURN RETURN3 RETURN@ RETURN4 .RETURN RETURN5 RETURN. RETURN6 @OPT-IN OPT-IN1 .OPT-IN OPT-IN2 OPT-IN. OPT-IN3 OPT-IN@ OPT-IN4 @OPT-OUTOPT-OUT1 .OPT-OUTOPT-OUT2 OPT-OUT.OPT-OUT3 OPT-OUT@OPT-OUT4 @PROXY PROXY1 .PROXY PROXY2 PROXY. PROXY3 PROXY@ PROXY4 -PROXY PROXY5 PROXY- PROXY6 @SPECIALS SPECIAL1 .SPECIALS SPECIAL2 SPECIALS. SPECIAL3 SPECIALS@ SPECIAL4 -SPECIALS SPECIAL5 SPECIALS- SPECIAL6 www.WWW1 @wwwWWW2 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Toms Kill List
The preceding @ ensures that the match is an email with the example domain. The preceding . ensures that the match is the domain used in a host link like www.example.com and so forth. Without these preceding characters the following might also match incorrectly... legitimatexample.com Using the preceding characters prevents this. I would add that if the address is long enough you may be able to get away with it. That is, you don't need the preceding characters if the domain name is long enough. There is, however, a chance the name could catch another domain ending with the same text, so it would be best practice to use the preceding characters and sometimes adding the following will help catch more: @same_name.com same domain name different character .same_name.com same domain name different character PS: Don't forget, the daily updates can be downloaded from the following url: www.imagefxonline.net/apps/delog/daily.txt Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT- SpamReview the Kill File
Just wanted everyone to know something about Spam and SpamReview. As you may already know, I get spam and I use SpamReview to help gather addresses before I verify them and add them to the kill file. I think it's a valuable application, however, I still have to add allot of addresses manually. You see, spammers are slick and it may seem as though these messages are coming from yahoo or hotmail, however, they are not. They are coming from different systems with open relays or mass-mailing servers, and this poses a problem. Spamreview and programs alike do not see all of these addresses, so they can not automatically write them to your kill file. You have to look at the headers to figure it out. Sometimes that's not even easy since the headers can be forged so well, you wouldn't be able to figure out what or where it came from. Take a look at the following very short header example: From: xxybr.cn.br.ub Received: from jock.fake.me.net.br Received: from hitchcock.mail.mindspring.net Received: from mailft-ne2.fiestatwist.net ([64.191.23.52]) by payne.mail.mindspring.net Received: by mailft-ne2.fiestatwist.net (envelope-from [EMAIL PROTECTED]) Received: from mail12-41 (10.134.122.151) by 10.0.0.2 Message-ID: [EMAIL PROTECTED] From: Fiesta Twist [EMAIL PROTECTED] In some cases, not necessarily this one, SpamReview will use mindspring or the reply address where as Declude will say it's from a different address. You see the dilemma, I would go after all of them, something's gota eventually byte. Anyway, the purpose of this e-mail was to inform you of a small problem with using an application such as Spamreview. You shouldn't just add every address you see in SpamReview you may need to look further into the message headers to find the correct address. Good Luck, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: SPAMCOP:Re: [Declude.JunkMail] HELOBOGUS
The problems here are that you have to enter your IP ranges (so the test wouldn't work automatically), and that some people will send mail from the Internet (especially in the case of sending test messages). If the IP block is setup up in the Global.cfg like Netblock10.10.2.0/22,192.168.1.0/23 Then declude would know the local IP address block and this would make it automatic. Automatic after you enter the IP ranges, and if the IP ranges don't change. :) The non-automatic part is that the test would have to be disabled by default, and people wanting to use it would need to add the list of IPs. However, it could be set up to automatically allow the E-mail if it came from an internal IP address (which would satisfy the needs of a lot of our customers). Now for testing from the Internet I would log on to Hotmail and send from me@hotmail to me@myaddress. This e-mail would pass for the return address and the recipient's address do not match. Good point. :) This test is something that we are still looking into. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filter Processing
I have two questions regarding filter processing. 1. If there are multiple filters listed in the global.cfg are they processed in the order they're listed? Yes. 2. If there is a match on an item in a filter list does processing continue against that list? Yes, so if the weight of each entry in the filter is 1, an E-mail could still end up with a weight higher than 1. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter Processing
Scott, For the wish list please - An additional filter type (or flag) that would exit after the first match. I've been pretty successful with filtering MAILFROM and, to speed up processing it would be beneficial if the filter processing could end after a match. The same would apply to an IP that I'm blocking. There's no need to do further processing in this filter since the match has been made and I'm going to treat the item as SPAM. This would also enable me to sequence the list with the most expected matches at the top. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, September 17, 2002 10:26 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Filter Processing I have two questions regarding filter processing. 1. If there are multiple filters listed in the global.cfg are they processed in the order they're listed? Yes. 2. If there is a match on an item in a filter list does processing continue against that list? Yes, so if the weight of each entry in the filter is 1, an E-mail could still end up with a weight higher than 1. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT- SpamReview the Kill File
In some cases, not necessarily this one, SpamReview will use mindspring or the reply address where as Declude will say it's from a different address. Sounds like a pretty useless app, if so. You see the dilemma, I would go after all of them, something's gota eventually byte. You would go after the second-level domains of faked intermediate gateways? This is going to be counterproductive, since the only good reason to use such fake Received: lines is to throw legitimate hosts into the mix. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
