[Declude.JunkMail] SPF (Fail or Pass)

2007-09-07 Thread Kevin Stanford
I am not really sure how to set this up but I would like to make sure that
if a domain has an spf record that it is checked and if it is not legit it
is immediately marked as spam. Also, is it possible to do this on my domain
as I get a lot of spoofed email to my domain using my domain as a return
address.

Thanks for any help offered!

Kevin



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.



RE: [Declude.JunkMail] Interesting Spam

2007-09-07 Thread Dave Beckstrom
I used www.betterwhois.com and the whois service at www.netsol.com and
neither showed the domains had been registered.   Guess I'll have to try
your site.  Thanks!

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Colbeck,
 Andrew
 Sent: Thursday, September 06, 2007 6:41 PM
 To: declude.junkmail@declude.com
 Subject: RE: [Declude.JunkMail] Interesting Spam
 
 Well, the easy part is answering your question about the domains.
 
 Each of the payload domains was registered today, so whatever service
 you're using to look up the registrations is probably using a database
 at least a day behind.
 
 I use (for example) this site to my satisfaction:
 
 http://whois.domaintools.com/sdsdm.com
 
 
 
 Andrew.
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
  Behalf Of Dave Beckstrom
  Sent: Thursday, September 06, 2007 3:07 PM
  To: declude.junkmail@declude.com
  Subject: [Declude.JunkMail] Interesting Spam
 
  We're getting a rash of spam that doesn't score high enough
  to be blocked.
  In the past I've looked up the domain owner of the site
  listed in the spam
  and been able to identify sometimes dozens of domains owned
  by the spammer,
  then I've put that list into a filter and blocked the domains
  before they
  were all used in new spam sent to us.
 
  I did a whois on some of the domains and they all show as
  available and
  unregistered.  Yet when I go to the domain, it does take me
  to the spammers
  site.  How can these domains be functional and show as available to be
  registered at the same time?
 
  Below is a paste of one of the spams.  I added 3 additional
  domains that
  have appeared in this same asshole's spam so that you can see
  the pattern of
  domains he is using.
 
  How do I block these?
 
  Dave
 
 
 
  X-Note: 
  X-Note: Spam Score: [18]
  X-Note: Scan Time: 16:47:18 on 06 Sep 2007
  X-Note: Spool File: 35111367.eml
  X-Note: Server Name: dsl88-233-31730.ttnet.net.tr
  X-Note: SMTP Sender: [EMAIL PROTECTED]
  X-Note: Reverse DNS  IP: dsl88-233-31730.ttnet.net.tr
  [88.233.123.242]
  X-Note: Country Chain: TURKEY-destination
  X-Note: Failed Weights: SORBS-WEB [5], FIVETENSRC [4], HELOBOGUS [5],
  SPFUNKNOWN [1], Filter_Country [8], WEIGHT10 [10], WEIGHT14 [14]
  X-Note: 
 
 
  -Original Message-
  From: Tam Genois [mailto:[EMAIL PROTECTED]
  Sent: Thursday, September 06, 2007 1:15 PM
  Subject: [SPAM]- Score (12)tuile
 
  How it is going Genois
  Do you want to have an average to small penis all of your
  life? No, you
  don't
 
  dae Hays
  http://soltepec.com/
  http://selenan.com/
  http://www.seriia.com/
  http://www.sdsdm.com/
 
 
 
 
 



Re: [Declude.JunkMail] SPF (Fail or Pass)

2007-09-07 Thread Darin Cox
Only SPFFAIL is recommended, as spammers may have SPF records.  Also, since 
many organizations are not using SPF, SPFUNKNOWN is not useful.

Here's how you declare it in your GLOBAL.CFG

SPFFAIL    spf    fail    x    <put your test weight here>    0

I find that SPF is very useful, if for no other reason than to block spam 
sent to our customers that forges their domain when sending to them.

To create your own SPF records, try http://www.openspf.org/

Darin.


- Original Message - 
From: Kevin Stanford [EMAIL PROTECTED]
To: declude.junkmail@declude.com
Sent: Friday, September 07, 2007 9:05 AM
Subject: [Declude.JunkMail] SPF (Fail or Pass)


I am not really sure how to set this up but I would like to make sure that
if a domain has an spf record that it is checked and if it is not legit it
is immediately marked as spam. Also, is it possible to do this on my domain
as I get a lot of spoofed email to my domain using my domain as a return
address.

Thanks for any help offered!

Kevin
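
Added example, not part of the original thread and not Declude code: a simplified SPF check (ip4 and all mechanisms only) that adds weight only on a hard fail, following the reply's reasoning that a pass proves little because spammers may publish SPF records too. The records, IP addresses and the fail_weight parameter are constructed for illustration.

```python
import ipaddress

# Constructed sample SPF records (not real DNS data); example.com stands in
# for the local domain that spammers forge as the return address.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "bulk-sender.example": "v=spf1 ip4:203.0.113.0/24 -all",  # spammer with valid SPF
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(sender_domain, client_ip, records=SPF_RECORDS):
    """Return pass/fail/softfail/neutral/none for the envelope sender domain."""
    record = records.get(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF published: nothing to conclude either way
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # record had no matching mechanism and no "all"


def spf_weight(result, fail_weight):
    """Hypothetical scoring rule: weight a hard fail, add nothing otherwise."""
    return fail_weight if result == "fail" else 0


def score_samples(fail_weight=8):
    """Score four constructed (sender domain, connecting IP) pairs."""
    samples = [
        ("example.com", "192.0.2.10"),          # genuine mail from our own server
        ("example.com", "203.0.113.77"),        # forged: our domain, foreign IP
        ("bulk-sender.example", "203.0.113.5"), # spammer passing its own SPF
        ("no-spf.example", "203.0.113.5"),      # domain without any SPF record
    ]
    scored = []
    for domain, ip in samples:
        result = spf_result(domain, ip)
        scored.append((domain, ip, result, spf_weight(result, fail_weight)))
    return scored


if __name__ == "__main__":
    for row in score_samples():
        print(row)
```

Only the forged example.com message picks up weight; the spammer's own domain passes SPF, which is why a pass is given no credit here.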






RE: [Declude.JunkMail] Interesting Spam

2007-09-07 Thread Dave Beckstrom
Found out that invURIBL wasn't working correctly on my server.  It was
finding the wrong IP address for the DNS server.  Once I fixed that, all of
those spams suddenly ceased from being delivered to our inboxes!  *grin  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin
Cox
 Sent: Thursday, September 06, 2007 6:58 PM
 To: declude.junkmail@declude.com
 Subject: Re: [Declude.JunkMail] Interesting Spam
 
 I use a command line tool from www.whoisview.com that works well for both
 domains and IP blocks.
 
 Occasionally I run into a domain that doesn't resolve, but when that
happens
 I also have trouble from registrar sites like netsol and godaddy.
 www.freewho.com generally works well, though.
 
 Darin.
 
 
 - Original Message -
 From: Colbeck, Andrew [EMAIL PROTECTED]
 To: declude.junkmail@declude.com
 Sent: Thursday, September 06, 2007 7:40 PM
 Subject: RE: [Declude.JunkMail] Interesting Spam
 
 
 Well, the easy part is answering your question about the domains.
 
 Each of the payload domains was registered today, so whatever service
 you're using to look up the registrations is probably using a database
 at least a day behind.
 
 I use (for example) this site to my satisfaction:
 
 http://whois.domaintools.com/sdsdm.com
 
 
 
 Andrew.
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
  Behalf Of Dave Beckstrom
  Sent: Thursday, September 06, 2007 3:07 PM
  To: declude.junkmail@declude.com
  Subject: [Declude.JunkMail] Interesting Spam
 
  We're getting a rash of spam that doesn't score high enough
  to be blocked.
  In the past I've looked up the domain owner of the site
  listed in the spam
  and been able to identify sometimes dozens of domains owned
  by the spammer,
  then I've put that list into a filter and blocked the domains
  before they
  were all used in new spam sent to us.
 
  I did a whois on some of the domains and they all show as
  available and
  unregistered.  Yet when I go to the domain, it does take me
  to the spammers
  site.  How can these domains be functional and show as available to be
  registered at the same time?
 
  Below is a paste of one of the spams.  I added 3 additional
  domains that
  have appeared in this same asshole's spam so that you can see
  the pattern of
  domains he is using.
 
  How do I block these?
 
  Dave
 
 
 
  X-Note: 
  X-Note: Spam Score: [18]
  X-Note: Scan Time: 16:47:18 on 06 Sep 2007
  X-Note: Spool File: 35111367.eml
  X-Note: Server Name: dsl88-233-31730.ttnet.net.tr
  X-Note: SMTP Sender: [EMAIL PROTECTED]
  X-Note: Reverse DNS  IP: dsl88-233-31730.ttnet.net.tr
  [88.233.123.242]
  X-Note: Country Chain: TURKEY-destination
  X-Note: Failed Weights: SORBS-WEB [5], FIVETENSRC [4], HELOBOGUS [5],
  SPFUNKNOWN [1], Filter_Country [8], WEIGHT10 [10], WEIGHT14 [14]
  X-Note: 
 
 
  -Original Message-
  From: Tam Genois [mailto:[EMAIL PROTECTED]
  Sent: Thursday, September 06, 2007 1:15 PM
  Subject: [SPAM]- Score (12)tuile
 
  How it is going Genois
  Do you want to have an average to small penis all of your
  life? No, you
  don't
 
  dae Hays
  http://soltepec.com/
  http://selenan.com/
  http://www.seriia.com/
  http://www.sdsdm.com/
 
 
 
 
 