[Declude.JunkMail] Mathew's Gibberish test
A word of caution; Any one that processes messages frequently that contain part numbers, you should look for a key word in the body. Example, I have added the following line in both Gibberish and AntiGibberish: BODY0 CONTAINSparts You may also want to watch for words like stock or quote. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You 626-737-6003 [EMAIL PROTECTED] www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Using Filter Locations Beyond MAILFROM
Hello, All, I have a situation that I was hoping to get some feedback on. We have an e-mail user who is using our spam filtering service. They have a domain name setup with an outside e-mail hosting provider and all of the e-mail that is sent to that domain name gets forwarded over to his account that is hosted with us. Because of this forwarding all domains which are defined in our spam domains list get flagged as coming from the wrong mail server and weight is added on to the message pushing it over the hold weight even though if the message would've been delivered directly to us it would've been fine. (See below involving MINDSPRING.COM) Unless there's a more better way to to do this involving a different type of test, and please tell me if there is, I would like to create a FILTER that looks for a certain string and subtracts a few points based on that string. So far my the sum total of my experience with filter is using MAILFROM as my location in the filter. Based on the header information below, what would be the best location to use in my filter and what would be the best string to search for in that location? Are BODY, HEADERS, HELO, MAILFROM, REMOTEIP, REVDNS, ALLRECIPS and SUBJECT the only locations available for use in a filter? Since I'm basically making this exception for just one situation (unless others come up later) I would like to use the solution that adds the last amount of additional overhead to the spam-filtering system. Thanks For Your Feedback! Dan Geiser [EMAIL PROTECTED] P.S.: Some Names Have Been Changed to Protect the Innocent Received: from extremehosting.com [64.106.222.10] by danstitleagency.com.com (SMTPD32-6.06) id A7C83A700F4; Thu, 02 Oct 2003 09:27:36 -0400 Received: (qmail 8871 invoked by uid 89); 2 Oct 2003 13:27:37 - Delivered-To: [EMAIL PROTECTED] Received: (qmail 8852 invoked from network); 2 Oct 2003 13:27:34 - Received: from stork.mail.pas.earthlink.net (207.217.120.188) by 64.106.222.242 with SMTP; 2 Oct 2003 13:27:34 - Received: from user-0cdv5be.cable.mindspring.com ([24.223.149.110] helo=JohnDoe) by stork.mail.pas.earthlink.net with asmtp (Exim 3.33 #1) id 1A53TP-ia-00 for [EMAIL PROTECTED]; Thu, 02 Oct 2003 06:26:27 -0700 Message-ID: [EMAIL PROTECTED] Reply-To: John Doe [EMAIL PROTECTED] From: John Doe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: topic Date: Thu, 2 Oct 2003 09:23:15 -0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0038_01C388C6.CF556C50 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-ELNK-Trace: 097c147a6b3c29b49649176a89d694c0f43c108795ac4507ebfb9684c58d7b9521d979922ded d6f1350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-RBL-Warning: SPAMDOMAINS: Spamdomain '@mindspring.com' found: Address of [EMAIL PROTECTED] sent from invalid mail.extremehosting.com. X-Declude-Sender: [EMAIL PROTECTED] [64.106.222.10] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: IPNOTINMX, WEIGHT05, WEIGHT07, WEIGHT08, WEIGHT09, WEIGHT10, WEIGHTRANGE05-39, WEIGHTRANGE07-39, WEIGHTRANGE08-39, WEIGHTRANGE09-39, WEIGHTRANGE10-39, WEIGHTRANGE05-49, WEIGHTRANGE07-49, WEIGHTRANGE08-49, WEIGHTRANGE09-49, WEIGHTRANGE10-49, SPAMDOMAINS [10] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Is Spamcop Down?
Notice I cannot get to their site this morning. I hope that it is not another DDOS attack. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Is Spamcop Down?
I went in this morning and took out the check for spam cop. We can't get any pdf's through our network at all. Unfortunately that didn't help. I don't know what else to do - I've been through all the stuff in imail AND declude and can not get them to work. It's not banned with banext, only pif and scr are in that. Also, how can I edit those .eml files to get the previous admin's name out of them? I tried in Outlook express - no dice... tried to find it within some of the many config ini files.. no luck there either. ANY help will be Greatly Appreciated Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, October 03, 2003 9:36 AM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] Is Spamcop Down? Notice I cannot get to their site this morning. I hope that it is not another DDOS attack. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Is Spamcop Down?
Are you running an older version of IMail (6.x)? We had that problem until we upgraded to 7.x and long before we started using Declude. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Donna K Stanley Sent: Friday, October 03, 2003 9:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? I went in this morning and took out the check for spam cop. We can't get any pdf's through our network at all. Unfortunately that didn't help. I don't know what else to do - I've been through all the stuff in imail AND declude and can not get them to work. It's not banned with banext, only pif and scr are in that. Also, how can I edit those .eml files to get the previous admin's name out of them? I tried in Outlook express - no dice... tried to find it within some of the many config ini files.. no luck there either. ANY help will be Greatly Appreciated Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX attachment: winmail.dat
Re: [Declude.JunkMail] Is Spamcop Down?
Donna, When editing the *.eml files that are returned back to the users in cases of banned extensions and the like you will need to use just plain old regular notepad or other basic text editor. Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com Donna K Stanley writes: I went in this morning and took out the check for spam cop. We can't get any pdf's through our network at all. Unfortunately that didn't help. I don't know what else to do - I've been through all the stuff in imail AND declude and can not get them to work. It's not banned with banext, only pif and scr are in that. Also, how can I edit those .eml files to get the previous admin's name out of them? I tried in Outlook express - no dice... tried to find it within some of the many config ini files.. no luck there either. ANY help will be Greatly Appreciated Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, October 03, 2003 9:36 AM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] Is Spamcop Down? Notice I cannot get to their site this morning. I hope that it is not another DDOS attack. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Using Filter Locations Beyond MAILFROM
First, others have stated and I agree SPAMDOMAINS should not be used with your own domains for a couple of reasons. The test was basically designed for the free type big mail services. Second, you need to redo your weight tests. You have a lot of overlapping and redundant tests configured. From what I gather from your confusing tests, what you want is the following: WEIGHT6 WEIGHT7 WEIGHT8 WEIGHT9 WEIGHT10 WEIGHTRANGE11-39 WEIGHTRANGE40-49 7 replacing 16, each message only triggering one test. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, October 03, 2003 7:34 AM To: Declude JunkMail Subject: [Declude.JunkMail] Using Filter Locations Beyond MAILFROM Hello, All, I have a situation that I was hoping to get some feedback on. We have an e-mail user who is using our spam filtering service. They have a domain name setup with an outside e-mail hosting provider and all of the e-mail that is sent to that domain name gets forwarded over to his account that is hosted with us. Because of this forwarding all domains which are defined in our spam domains list get flagged as coming from the wrong mail server and weight is added on to the message pushing it over the hold weight even though if the message would've been delivered directly to us it would've been fine. (See below involving MINDSPRING.COM) Unless there's a more better way to to do this involving a different type of test, and please tell me if there is, I would like to create a FILTER that looks for a certain string and subtracts a few points based on that string. So far my the sum total of my experience with filter is using MAILFROM as my location in the filter. Based on the header information below, what would be the best location to use in my filter and what would be the best string to search for in that location? Are BODY, HEADERS, HELO, MAILFROM, REMOTEIP, REVDNS, ALLRECIPS and SUBJECT the only locations available for use in a filter? Since I'm basically making this exception for just one situation (unless others come up later) I would like to use the solution that adds the last amount of additional overhead to the spam-filtering system. Thanks For Your Feedback! Dan Geiser [EMAIL PROTECTED] P.S.: Some Names Have Been Changed to Protect the Innocent Received: from extremehosting.com [64.106.222.10] by danstitleagency.com.com (SMTPD32-6.06) id A7C83A700F4; Thu, 02 Oct 2003 09:27:36 -0400 Received: (qmail 8871 invoked by uid 89); 2 Oct 2003 13:27:37 - Delivered-To: [EMAIL PROTECTED] Received: (qmail 8852 invoked from network); 2 Oct 2003 13:27:34 - Received: from stork.mail.pas.earthlink.net (207.217.120.188) by 64.106.222.242 with SMTP; 2 Oct 2003 13:27:34 - Received: from user-0cdv5be.cable.mindspring.com ([24.223.149.110] helo=JohnDoe) by stork.mail.pas.earthlink.net with asmtp (Exim 3.33 #1) id 1A53TP-ia-00 for [EMAIL PROTECTED]; Thu, 02 Oct 2003 06:26:27 -0700 Message-ID: [EMAIL PROTECTED] Reply-To: John Doe [EMAIL PROTECTED] From: John Doe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: topic Date: Thu, 2 Oct 2003 09:23:15 -0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0038_01C388C6.CF556C50 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-ELNK-Trace: 097c147a6b3c29b49649176a89d694c0f43c108795ac4507ebfb9684c58d7b9521d9 79922ded d6f1350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-RBL-Warning: SPAMDOMAINS: Spamdomain '@mindspring.com' found: Address of [EMAIL PROTECTED] sent from invalid mail.extremehosting.com. X-Declude-Sender: [EMAIL PROTECTED] [64.106.222.10] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: IPNOTINMX, WEIGHT05, WEIGHT07, WEIGHT08, WEIGHT09, WEIGHT10, WEIGHTRANGE05-39, WEIGHTRANGE07-39, WEIGHTRANGE08- 39, WEIGHTRANGE09-39, WEIGHTRANGE10-39, WEIGHTRANGE05-49, WEIGHTRANGE07-49, WEIGHTRANGE08-49, WEIGHTRANGE09-49, WEIGHTRANGE10-49, SPAMDOMAINS [10] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing
RE: [Declude.JunkMail] Is Spamcop Down?
Right click the .eml file and chose Open with... and chose Notepad. As far as the pdf issue, have you sent Scott a D file caught? If you want, you can send to me zipped off list along with the virus.cfg file. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Donna K Stanley Sent: Friday, October 03, 2003 7:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? I went in this morning and took out the check for spam cop. We can't get any pdf's through our network at all. Unfortunately that didn't help. I don't know what else to do - I've been through all the stuff in imail AND declude and can not get them to work. It's not banned with banext, only pif and scr are in that. Also, how can I edit those .eml files to get the previous admin's name out of them? I tried in Outlook express - no dice... tried to find it within some of the many config ini files.. no luck there either. ANY help will be Greatly Appreciated Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, October 03, 2003 9:36 AM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] Is Spamcop Down? Notice I cannot get to their site this morning. I hope that it is not another DDOS attack. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Is Spamcop Down?
We're using 7.0 Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX 903-575-2734 It is the Vision of Region VIII Educational Service Center to create a partnership between school districts, teachers, school board members, universities and community colleges, community members, and business leaders to provide quality services for school improvement that will prepare students to cope with the challenges of the future. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean Fahey Sent: Friday, October 03, 2003 10:20 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? Are you running an older version of IMail (6.x)? We had that problem until we upgraded to 7.x and long before we started using Declude. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Donna K Stanley Sent: Friday, October 03, 2003 9:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? I went in this morning and took out the check for spam cop. We can't get any pdf's through our network at all. Unfortunately that didn't help. I don't know what else to do - I've been through all the stuff in imail AND declude and can not get them to work. It's not banned with banext, only pif and scr are in that. Also, how can I edit those .eml files to get the previous admin's name out of them? I tried in Outlook express - no dice... tried to find it within some of the many config ini files.. no luck there either. ANY help will be Greatly Appreciated Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Is Spamcop Down?
First, I have only been reading about Imail and Declude for 4 days! I'm not even sure which of us on this newly formed team is responsible for it, but I'm trying to help our 48 school districts get their email! SO... Who is Scott, and what's a D file? I looked through imail logs and couldn't find where I tried to send the file from my exchange account to my imail account. Second, we don't use virus.cfg - we use a Symantec antivirus - there's not a virus.cfg file in the directory with Imail/Declude and...what's a zipped off list? I know what zipping is, of course, but an off list? I'm sorry to sound ignorant, but I am in this system - I generally on Windows 2000 with Active Directory. Thanks everyone. Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX 903-575-2734 It is the Vision of Region VIII Educational Service Center to create a partnership between school districts, teachers, school board members, universities and community colleges, community members, and business leaders to provide quality services for school improvement that will prepare students to cope with the challenges of the future. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, October 03, 2003 10:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? Right click the .eml file and chose Open with... and chose Notepad. As far as the pdf issue, have you sent Scott a D file caught? If you want, you can send to me zipped off list along with the virus.cfg file. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Donna K Stanley Sent: Friday, October 03, 2003 7:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? I went in this morning and took out the check for spam cop. We can't get any pdf's through our network at all. Unfortunately that didn't help. I don't know what else to do - I've been through all the stuff in imail AND declude and can not get them to work. It's not banned with banext, only pif and scr are in that. Also, how can I edit those .eml files to get the previous admin's name out of them? I tried in Outlook express - no dice... tried to find it within some of the many config ini files.. no luck there either. ANY help will be Greatly Appreciated Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, October 03, 2003 9:36 AM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] Is Spamcop Down? Notice I cannot get to their site this morning. I hope that it is not another DDOS attack. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Using Filter Locations Beyond MAILFROM
John, I appreciate all of the feedback you provide to the Declude community but in all honesty I don't feel like you read my e-mail at all. If you look at the headers I included you will see that I am NOT using the SPAMDOMAINS test on our own domains. I am using SPAMDOMAINS on MINDSPRING.COM which is a big (not free) e-mail service. In addition I wasn't asking for feedback on the tests I am using for weighting. I am fully aware that they could be made more clear. All I'm trying to do is learn more about the locations which are used with the FILTER test type. In the headers of the message below you can see that someone sent an e-mail to [EMAIL PROTECTED] and it was immediately forwarded from the current ISP for bigfishing.com over to our mail server. Declude Junkmail saw the name mindspring.com which is on it's SPAMDOMAINS list and since it's not from a mindspring.com server it added some points. That's fine. That's exactly how it's supposed to work. What I would like to do is create a filter, an exception if you will, so that any mail which is sent to [EMAIL PROTECTED] and is forwarded to our mail system from the recipient SMTP host automatically subtracts some points for [EMAIL PROTECTED] Since there isn't a MAILTO filter location, and there's no concise description in the documentation of what exactly the other filtering locations (BODY, HEADERS, HELO, MAILFROM, REMOTEIP, REVDNS, ALLRECIPS and SUBJECT) cover I was looking for some feedback from the community about how they would handle making an exception for this message. Specifically I was asking for a text string and filter location that they would accomplish that. Thanks, Dan Geiser [EMAIL PROTECTED] - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 03, 2003 11:42 AM Subject: RE: [Declude.JunkMail] Using Filter Locations Beyond MAILFROM First, others have stated and I agree SPAMDOMAINS should not be used with your own domains for a couple of reasons. The test was basically designed for the free type big mail services. Second, you need to redo your weight tests. You have a lot of overlapping and redundant tests configured. From what I gather from your confusing tests, what you want is the following: WEIGHT6 WEIGHT7 WEIGHT8 WEIGHT9 WEIGHT10 WEIGHTRANGE11-39 WEIGHTRANGE40-49 7 replacing 16, each message only triggering one test. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, October 03, 2003 7:34 AM To: Declude JunkMail Subject: [Declude.JunkMail] Using Filter Locations Beyond MAILFROM Hello, All, I have a situation that I was hoping to get some feedback on. We have an e-mail user who is using our spam filtering service. They have a domain name setup with an outside e-mail hosting provider and all of the e-mail that is sent to that domain name gets forwarded over to his account that is hosted with us. Because of this forwarding all domains which are defined in our spam domains list get flagged as coming from the wrong mail server and weight is added on to the message pushing it over the hold weight even though if the message would've been delivered directly to us it would've been fine. (See below involving MINDSPRING.COM) Unless there's a more better way to to do this involving a different type of test, and please tell me if there is, I would like to create a FILTER that looks for a certain string and subtracts a few points based on that string. So far my the sum total of my experience with filter is using MAILFROM as my location in the filter. Based on the header information below, what would be the best location to use in my filter and what would be the best string to search for in that location? Are BODY, HEADERS, HELO, MAILFROM, REMOTEIP, REVDNS, ALLRECIPS and SUBJECT the only locations available for use in a filter? Since I'm basically making this exception for just one situation (unless others come up later) I would like to use the solution that adds the last amount of additional overhead to the spam-filtering system. Thanks For Your Feedback! Dan Geiser [EMAIL PROTECTED] P.S.: Some Names Have Been Changed to Protect the Innocent Received: from extremehosting.com [64.106.222.10] by danstitleagency.com.com (SMTPD32-6.06) id A7C83A700F4; Thu, 02 Oct 2003 09:27:36 -0400 Received: (qmail 8871 invoked by uid 89); 2 Oct 2003 13:27:37 - Delivered-To: [EMAIL PROTECTED] Received: (qmail 8852 invoked from network); 2 Oct 2003 13:27:34 - Received: from stork.mail.pas.earthlink.net (207.217.120.188) by 64.106.222.242 with SMTP; 2 Oct 2003 13:27:34 - Received: from user-0cdv5be.cable.mindspring.com ([24.223.149.110] helo=JohnDoe) by stork.mail.pas.earthlink.net with asmtp (Exim 3.33 #1)
RE: [Declude.JunkMail] Is Spamcop Down?
Sorry to be short with my response, I a couple of major issues I need to deal with like yesterday. Off list means that if a person wants and if invited, you can send the files in question to one of us that offer for further review. Often, having a second pair of eyes helps to find causes. Scott is the man at Declude. A D file is actual e-mail, and is in the form of D.SMD and has an associated Q.SMD file in the Imail Spool directory. The Q file is the envelope and instructs Imail what to do with the message, in simplicity form. The D file is the raw actual message. Both of these can be viewed with Notepad, but be careful doing so. What do you see that you can not get any pdf files through? Are you getting notices, or are the messages just disapperraing? We can help you review the logs and point you where to go to look. When looking for a message from your Exchange to an account on Imail, you should open the log file and search for either the from address or to address. How is Imail SMTP service logging? Go to the Imail Admin and go to SMTP service and what is it configured for in logging? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Donna K Stanley Sent: Friday, October 03, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? First, I have only been reading about Imail and Declude for 4 days! I'm not even sure which of us on this newly formed team is responsible for it, but I'm trying to help our 48 school districts get their email! SO... Who is Scott, and what's a D file? I looked through imail logs and couldn't find where I tried to send the file from my exchange account to my imail account. Second, we don't use virus.cfg - we use a Symantec antivirus - there's not a virus.cfg file in the directory with Imail/Declude and...what's a zipped off list? I know what zipping is, of course, but an off list? I'm sorry to sound ignorant, but I am in this system - I generally on Windows 2000 with Active Directory. Thanks everyone. Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX 903-575-2734 It is the Vision of Region VIII Educational Service Center to create a partnership between school districts, teachers, school board members, universities and community colleges, community members, and business leaders to provide quality services for school improvement that will prepare students to cope with the challenges of the future. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, October 03, 2003 10:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? Right click the .eml file and chose Open with... and chose Notepad. As far as the pdf issue, have you sent Scott a D file caught? If you want, you can send to me zipped off list along with the virus.cfg file. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Donna K Stanley Sent: Friday, October 03, 2003 7:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? I went in this morning and took out the check for spam cop. We can't get any pdf's through our network at all. Unfortunately that didn't help. I don't know what else to do - I've been through all the stuff in imail AND declude and can not get them to work. It's not banned with banext, only pif and scr are in that. Also, how can I edit those .eml files to get the previous admin's name out of them? I tried in Outlook express - no dice... tried to find it within some of the many config ini files.. no luck there either. ANY help will be Greatly Appreciated Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, October 03, 2003 9:36 AM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] Is Spamcop Down? Notice I cannot get to their site this morning. I hope that it is not another DDOS attack. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To
RE: [Declude.JunkMail] Using Filter Locations Beyond MAILFROM
I appreciate all of the feedback you provide to the Declude community but in all honesty I don't feel like you read my e-mail at all. Dan, you are right, I read through your message too fast. My head is spinning right now with problems. You could do this: HEADERS (appropriateweight) CONTAINS [EMAIL PROTECTED] You could also add in your spamdomains file the following (I think) mindspring. extremehosting.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Is Spamcop Down?
Just my 2 cents: Sometimes my word filters in declude junk mail would accidentally trigger a junk mail test and add weight to an innocent attachment, depending on how it was encoded. Also, while I know that PDF's are generally small, is it possible that the attachment exceeds the size allowed on your server. Have you tried other attachments of equal size? Have you tried a PDF from an e-mail/IP other than yours? Good luck~ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Donna K Stanley Sent: Friday, October 03, 2003 11:52 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? First, I have only been reading about Imail and Declude for 4 days! I'm not even sure which of us on this newly formed team is responsible for it, but I'm trying to help our 48 school districts get their email! SO... Who is Scott, and what's a D file? I looked through imail logs and couldn't find where I tried to send the file from my exchange account to my imail account. Second, we don't use virus.cfg - we use a Symantec antivirus - there's not a virus.cfg file in the directory with Imail/Declude and...what's a zipped off list? I know what zipping is, of course, but an off list? I'm sorry to sound ignorant, but I am in this system - I generally on Windows 2000 with Active Directory. Thanks everyone. Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX 903-575-2734 It is the Vision of Region VIII Educational Service Center to create a partnership between school districts, teachers, school board members, universities and community colleges, community members, and business leaders to provide quality services for school improvement that will prepare students to cope with the challenges of the future. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, October 03, 2003 10:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? Right click the .eml file and chose Open with... and chose Notepad. As far as the pdf issue, have you sent Scott a D file caught? If you want, you can send to me zipped off list along with the virus.cfg file. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Donna K Stanley Sent: Friday, October 03, 2003 7:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is Spamcop Down? I went in this morning and took out the check for spam cop. We can't get any pdf's through our network at all. Unfortunately that didn't help. I don't know what else to do - I've been through all the stuff in imail AND declude and can not get them to work. It's not banned with banext, only pif and scr are in that. Also, how can I edit those .eml files to get the previous admin's name out of them? I tried in Outlook express - no dice... tried to find it within some of the many config ini files.. no luck there either. ANY help will be Greatly Appreciated Donna K. Stanley Network Services Region VIII ESC Mt. Pleasant, TX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, October 03, 2003 9:36 AM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] Is Spamcop Down? Notice I cannot get to their site this morning. I hope that it is not another DDOS attack. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by
RE: [Declude.JunkMail] Imail Issues
I was happy to take it. Maybe this will let us know what configuration actually works with 8.03 since Ipswitch won't put out a hardware recommendation. I personally applaud your efforts. Thank you - Sincerely, Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Friday, October 03, 2003 02:30 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Imail Issues Importance: High Hello all. In an attempt to help everyone with issues than have been reported lately, I have put together a survey that I would like everyone to take. I will then post the results here as well as send them to Ipswitch for review. I know we are all busy, but if I can take the hour it took to create this, you can take 5 minutes to fill it out. No tracking is being done, only the answers. (No IPs, No countries, No browser type, no e-mail, nothing.) The link is this: http://www.createsurvey.com/cgi-bin/pollfrm?s=11436magic=HoUsvn3wsnt8eJb There are no images, hence the red boxes. (Hey, what do you expect for free?) I will leave this up until next Wednesday night, October 8. Thanks for you participation. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Imail Issues
Kudos John! Already filled in and good luck. Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 03, 2003 11:30 AM Subject: [Declude.JunkMail] Imail Issues Hello all. In an attempt to help everyone with issues than have been reported lately, I have put together a survey that I would like everyone to take. I will then post the results here as well as send them to Ipswitch for review. I know we are all busy, but if I can take the hour it took to create this, you can take 5 minutes to fill it out. No tracking is being done, only the answers. (No IPs, No countries, No browser type, no e-mail, nothing.) The link is this: http://www.createsurvey.com/cgi-bin/pollfrm?s=11436magic=HoUsvn3wsnt8eJb There are no images, hence the red boxes. (Hey, what do you expect for free?) I will leave this up until next Wednesday night, October 8. Thanks for you participation. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Happy days are here again...
So as of Monday are we going to have a new organization running the .com / .net TLDs? lol It's about time Buh Bye Verislime Jason - Original Message - From: Joshua Levitsky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 03, 2003 2:12 PM Subject: [Declude.JunkMail] Happy days are here again... I could not be happier... http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm -- Joshua Levitsky, CISSP, MCSE System Engineer AOL Time Warner [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Happy days are here again...
So they don't have to pay for all registrations? I don't understand this. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Friday, October 03, 2003 2:54 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Happy days are here again... Todd Holt wrote: IMHO, ICANN should send a bill to VeriSlime for the registration of all combinations which could be caught by the wildcard. Does anyone know the maximum length of a domain name, how many different characters can be used in a domain name (a-z,A-Z,0-9,_,-,...), how many .com and .net domain names are currently registered and how much VeriSlime pays for each domain registration? I believe that since something like 256 characters are now allowed in domain names, 64 different standard characters allowed, and since there are around 40 million .com and .net addresses currently registered, that would equate to (2 x 64^256) - 40,000,000, or approximately... 270,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 00 0,000,000,000,000,000,,000,000,000,000,000,000,000,000,000,000,000,000,0 00 ,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 ,0 00,000,000,000,000,000,000,000,000,000,000,000,000,000 This doesn't include the high-bit characters though :) BTW, payments to ICANN are only proportional to total registrations, and totals less than $3 million a year across 100% of registrations. So in effect, this would cost them little extra if they were to be charged. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Happy days are here again...
Umm, I think you missed a zero somewhere... ;-) Bill - Original Message - From: Matthew Bramble [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 03, 2003 2:54 PM Subject: Re: [Declude.JunkMail] Happy days are here again... Todd Holt wrote: IMHO, ICANN should send a bill to VeriSlime for the registration of all combinations which could be caught by the wildcard. Does anyone know the maximum length of a domain name, how many different characters can be used in a domain name (a-z,A-Z,0-9,_,-,...), how many .com and .net domain names are currently registered and how much VeriSlime pays for each domain registration? I believe that since something like 256 characters are now allowed in domain names, 64 different standard characters allowed, and since there are around 40 million .com and .net addresses currently registered, that would equate to (2 x 64^256) - 40,000,000, or approximately... 270,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 ,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 ,000,000,000,000,000,000,000,000,000 This doesn't include the high-bit characters though :) BTW, payments to ICANN are only proportional to total registrations, and totals less than $3 million a year across 100% of registrations. So in effect, this would cost them little extra if they were to be charged. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Interesting.. indeed... long long long spam
Hi.. Spammers are not as dumb as we think they are... This spam we received... This is a multi-part message in MIME format. --=_NextPart_000_58469_01C389A3.18FD3DB0Content-Type: text/plain;charset="Windows-1252"Content-Transfer-Encoding: quoted-printable Although there are benefits to both legal and illegal enhancers the =risks of illegal enhancers are much higher. "Oral Steroids are very hard =on the liver. Since the steroid doses are so high, the liver cannot keep =up and is overworked. As t.. goes on and on and on... it has something like 3 pages of just text - mainly news items.. Stuff like: 1. Background ="">Napster software, launched early in 1999, allows internet users to share =and download MP3 files directly from any computer connected to the =Napster network. The software is used by downloading a client program =from the Napster site and then connecting to the network through this =software, ... Then at the end the spam starts.. So in essence content filtering is out of the door. Filters were triggered: X-IMAIL-SPAM-DNSBL: (SPAMHAUS,19530360,127.0.0.2)X-IMAIL-SPAM-DNSBL: (NJABL,19530360,127.0.0.4)X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL,19530360,127.0.0.2)X-IMAIL-SPAM-VALREVDNS: (19530360)X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected.X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 204.29.185.192 with no reverse DNS entry.X-RBL-Warning: FILTER-MAILFROM: Message failed FILTER-MAILFROM test (9)X-RBL-Warning: FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test (38)X-Declude-Sender: [EMAIL PROTECTED] [204.29.185.192]X-Declude-Spoolname: Da634012a027877db.SMD --- but none of our content filters were triggered. It had two URL's listed in our database but none were detected since they are after so many characters.. Scott: What next? Regards, Kami
Re: [Declude.JunkMail] Interesting.. indeed... long long long spam
I've gotten two or three like this in the last couple days, but mine are getting tagged on with weight 21 or thereabouts. I delete on weight20. G.Z. - Original Message - From: Kami Razvan To: [EMAIL PROTECTED] Sent: Friday, October 03, 2003 5:11 PM Subject: [Declude.JunkMail] Interesting.. indeed... long long long spam Hi.. Spammers are not as dumb as we think they are... This spam we received... This is a multi-part message in MIME format. --=_NextPart_000_58469_01C389A3.18FD3DB0Content-Type: text/plain;charset="Windows-1252"Content-Transfer-Encoding: quoted-printable Although there are benefits to both legal and illegal enhancers the =risks of illegal enhancers are much higher. "Oral Steroids are very hard =on the liver. Since the steroid doses are so high, the liver cannot keep =up and is overworked. As t.. goes on and on and on... it has something like 3 pages of just text - mainly news items.. Stuff like: 1. Background ="">Napster software, launched early in 1999, allows internet users to share =and download MP3 files directly from any computer connected to the =Napster network. The software is used by downloading a client program =from the Napster site and then connecting to the network through this =software, ... Then at the end the spam starts.. So in essence content filtering is out of the door. Filters were triggered: X-IMAIL-SPAM-DNSBL: (SPAMHAUS,19530360,127.0.0.2)X-IMAIL-SPAM-DNSBL: (NJABL,19530360,127.0.0.4)X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL,19530360,127.0.0.2)X-IMAIL-SPAM-VALREVDNS: (19530360)X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected.X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 204.29.185.192 with no reverse DNS entry.X-RBL-Warning: FILTER-MAILFROM: Message failed FILTER-MAILFROM test (9)X-RBL-Warning: FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test (38)X-Declude-Sender: [EMAIL PROTECTED] [204.29.185.192]X-Declude-Spoolname: Da634012a027877db.SMD --- but none of our content filters were triggered. It had two URL's listed in our database but none were detected since they are after so many characters.. Scott: What next? Regards, Kami
Re: [Declude.JunkMail] Happy days are here again...
ICANN is just there to oversee the workings of the industry and they're not in it for profit. They charge registrars a fee based on the percentage of the number of registrations they are responsible for, and the total collected from all registrars is a number related only to organizational costs. VeriSign pays something like and additional $250,000 a year to ICANN for maintaining the .com and .net registries, however they collect $6 for each .com and .net domain name registered for their operating costs (and profit). While technically they pay themselves this $6 figure for registrations, it is only on paper for accounting purposes and no money changes hands (assuming that they track the transactions). Matt Todd Holt wrote: So they don't have to pay for all registrations? I don't understand this. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Matthew Bramble Sent: Friday, October 03, 2003 2:54 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Happy days are here again... Todd Holt wrote: IMHO, ICANN should send a bill to VeriSlime for the registration of all combinations which could be caught by the wildcard. Does anyone know the maximum length of a domain name, how many different characters can be used in a domain name (a-z,A-Z,0-9,_,-,...), how many .com and .net domain names are currently registered and how much VeriSlime pays for each domain registration? I believe that since something like 256 characters are now allowed in domain names, 64 different standard characters allowed, and since there are around 40 million .com and .net addresses currently registered, that would equate to (2 x 64^256) - 40,000,000, or approximately... 270,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 00 0,000,000,000,000,000,,000,000,000,000,000,000,000,000,000,000,000,000,0 00 ,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 ,0 00,000,000,000,000,000,000,000,000,000,000,000,000,000 This doesn't include the high-bit characters though :) BTW, payments to ICANN are only proportional to total registrations, and totals less than $3 million a year across 100% of registrations. So in effect, this would cost them little extra if they were to be charged. Matt
RE: [Declude.JunkMail] Interesting.. indeed... long long long spam
"I've gotten two or three like this in the last couple days, but mine are getting tagged on with weight 21 or thereabouts. I delete on weight20." Yes in our case it was caught with a weight of 57. We hold on 20 and delete on 60 so this one was almost deleted. BUT -- the filters are our most effective tool... and they are not triggered.. that can be worrisome.. Regards, Kami
Re: [Declude.JunkMail] Happy days are here again...
FrontPage of the Washington Post. VeriSign Freezes Search Service http://www.washingtonpost.com/wp-dyn/articles/A40241-2003Oct3.html - Original Message - From: Joshua Levitsky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 03, 2003 3:12 PM Subject: [Declude.JunkMail] Happy days are here again... I could not be happier... http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm -- Joshua Levitsky, CISSP, MCSE System Engineer AOL Time Warner [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Happy days are here again...
So, ICANN comes up with a figure that is equal to the cost of maintaining the internet for a year and each registrar pays a percentage of that figure based on the percentage of all registrations that they manage? If this is true, then The wildcard in effect makes them customers of the registrantby registering each of the 40,000,000,000+ domains. This would make the total number of registered of domains increase to a staggering number. And VeriSlime would be managing 99.9% of those domains. They would effectively pay the entire bill for running the internet! I like it!!! J Butanother question Why should we pay a fixed amount each year to the registrants if they dont pay a fixed amount? This sounds pretty hokey to me! (No offense to VTech fans!) I thought that a fixed amount of our payments were going to the internet infrastructure improvements. Silly me! Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Friday, October 03, 2003 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Happy days are here again... ICANN is just there to oversee the workings of the industry and they're not in it for profit. They charge registrars a fee based on the percentage of the number of registrations they are responsible for, and the total collected from all registrars is a number related only to organizational costs. VeriSign pays something like and additional $250,000 a year to ICANN for maintaining the .com and .net registries, however they collect $6 for each .com and .net domain name registered for their operating costs (and profit). While technically they pay themselves this $6 figure for registrations, it is only on paper for accounting purposes and no money changes hands (assuming that they track the transactions). Matt Todd Holt wrote: So they don't have to pay for all registrations? I don't understandthis. Todd HoltXidix Technologies, IncLas Vegas, NV USAwww.xidix.com702.319.4349 -Original Message-From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-[EMAIL PROTECTED]] On Behalf Of Matthew BrambleSent: Friday, October 03, 2003 2:54 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Happy days are here again...Todd Holt wrote: IMHO, ICANN should send a bill to VeriSlime for the registration of all combinations which could be caught by the wildcard. Does anyone knowthe maximum length of a domain name, how many different characters can be used in a domain name (a-z,A-Z,0-9,_,-,...), how many .com and .net domain names are currently registered and how much VeriSlime pays foreach domain registration? I believe that since something like 256 characters are now allowed indomain names, 64 different standard characters allowed, and since there are around 40 million .com and .net addresses currently registered, that would equate to (2 x 64^256) - 40,000,000, or approximately... 270,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00 0,000,000,000,000,000,,000,000,000,000,000,000,000,000,000,000,000,000,000 ,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,0 00,000,000,000,000,000,000,000,000,000,000,000,000,000This doesn't include the high-bit characters though :)BTW, payments to ICANN are only proportional to total registrations, and totals less than $3 million a year across 100% of registrations. So in effect, this would cost them little extra if they were to be charged.Matt
Re: [Declude.JunkMail] Happy days are here again...
Todd Holt wrote: So, ICANN comes up with a figure that is equal to the cost of maintaining the internet for a year and each registrar pays a percentage of that figure based on the percentage of all registrations that they manage? Exactly. If this is true, then The wildcard in effect makes them customers of the registrantby registering each of the 40,000,000,000+ domains. This would make the total number of registered of domains increase to a staggering number. And VeriSlime would be managing 99.9% of those domains. They would effectively pay the entire bill for running the internet! I like it!!! J The only problem with this is that the total bill only amounts to about $3 million a year :( Butanother question Why should we pay a fixed amount each year to the registrants if they dont pay a fixed amount? This sounds pretty hokey to me! (No offense to VTech fans!) I thought that a fixed amount of our payments were going to the internet infrastructure improvements. Silly me! Well, VeriSign is the one that actually maintains the majority of the registry's infrastructure for .com and .net (.org just began a transfer yesterday to a new organization). The $6 fee that they are charging is about $5 above the initial suggested compensation at ICANN, but after a year and a half of blocking by VeriSign, even claiming ownership of the namespaces, the corporate entities at ICANN caved to their demands and set them up with this sweetheart deal...and then a year or so ago they renewed it with the only change being giving up the .org registry. It shouldn't cost that much to maintain a registry with 30 million domains ($180 million a year). ICANN should find a replacement organization, preferably a nonprofit, to take over operations, insist that the price be dropped to $1 per domain, and use this flagrant violation as proof of breech of contract instead of waiting another 4 years or so until the current deal has expired. The only problem with all of this is that there are few organizations with the knowledge base and infrastructure that can take on a task like this. Personally, I would vote for Tucows to take this over based on their fine character, but they would need a large cash infusion to pull it off. Matt
RE: [Declude.JunkMail] SPAM - Yahoo Groups
If the group is improperly set up (allowing open posting to anyone that subscribes, with no checking of the email address or first posts by the moderator, then spammers have a field day on those groups (they can join and post within seconds, then move to the next group). Most that do this are porn sites, but some are this worked for me type posts. Some older groups have no moderator and get slammed by these. Most active groups set all new posters to moderated status and usually are spam free. Karen ps. Depending on the set, the owner can join anyone to a yahoo group -- but I think they limit how many you can join up at a time nowadays. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Bramble Sent: Wednesday, October 01, 2003 4:40 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAM - Yahoo Groups My understanding is that in order to be on a Yahoo Groups mailing list, you have to actually join that group...you can't just add people indiscriminately. I've seen many people using the groups for advertising, but that doesn't mean that it is spam. It might be possible though that spammers are joining lists and pumping through advertisements to the list members. I look at this as more of a problem that Yahoo has to deal with instead of someone like myself. Yahoo does monitor for this type of thing, and they are pretty good about keeping their message boards clean. The list admins can always set things up so that they are moderated, and of course delete memberships for any offending accounts, but IMO, it's not my problem if this stuff gets through their private lists. Matt Kami Razvan wrote: Hi; For the first time I received spam through Yahoo Groups. I thought Yahoo Groups are pretty much on subscription base and spam should not get through.. We have it on a negative weight since people are subscribed to different groups and it was getting caught but now we have to rethink this.. This spam would have been caught because of the URL's in its body but with the negative weight of Yahoo Group it came right through.. Anyone else getting spam through yahoo groups? Regards, Kami --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] eBay - scam..
We've been getting one with the link http://[EMAIL PROTECTED]:%31%35%37/, covered with a gif that makes it look like the link is on ebay.com. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andy Schmidt not to speak of trademark and or copyright infringement (which is NOT a civil matter - stakes are higher). These web sites are made to look exactly as the real thing, using their logo, etc. I have reported many of these emails with all headers to them - and offered logs etc and never got more than an automated reply. Not worth my time. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.