...
Just received the below crap in from Anna Eshoo in my inbox.
Funny, I don't see a e-mail address on my representatives website.
And there's no MX record for house.gov.
Header below, full SPAM at
http://www.espphotography.com/eshoo.html or
http://www.espphotography.com/eshoo.txt
Anna will
...
Didn't congress exempt itself from the I-CAN-SPAM laws anyway? What would
reporting to the FTC do? More effective would be to report to the local
paper(s), with copied to her inbox.
-Don
Reporting to the FTC doesn't do much for real spam - I'd expect
even less for something from
...
I'm running SA 3.1 and I have started to notice more spam come through
recently.
Some are porn and some are medication. They don't hit much of anything
beyond Razor2 and Chickenpox, which isn't enough to mark them as spam.
Some of the medication spams are using an obnoxious html table
...
Duncan Hill wrote:
On Tuesday 08 Nov 2005 16:38, shenanigans wrote:
I was interested in getting feedback from current mail group users.
We have mirrored your mail list in a new application that provides a
more aggregated and safe environment which utilizes the power of
broadband
...
From: List Mail User [mailto:[EMAIL PROTECTED]
...
I'm running SA 3.1 and I have started to notice more spam come through
recently.
[snip - original table drug spam]
Has anyone else been having this problem? Any rules to catch medication
names in those types of tables
...
Dallas L. Engelken just wrote:
FYI
Just had a report from a user regarding
http://www.spamcop.net/w3m?action=checkblockip=66.249.82.205
64.233.185.27 is an mx ( 5 ) for xproxy.gmail.com
64.233.185.27 is an mx ( 5 ) for gmail.com
That could be effecting quite a lot of people...
D
I
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To: List [EMAIL PROTECTED]; users@spamassassin.apache.org
Sent: Tuesday, November 01, 2005 10:49 PM
Subject: Re: DK_SIGNED from yahoo
At 02:13 AM 11/1/2005, List wrote:
How do I patch DK using that patch? What commands
List wrote:
- Original Message - From: Matt Kettler
[EMAIL PROTECTED]
To: List [EMAIL PROTECTED]; users@spamassassin.apache.org
Sent: Tuesday, November 01, 2005 10:49 PM
Subject: Re: DK_SIGNED from yahoo
At 02:13 AM 11/1/2005, List wrote:
How do I patch DK using that patch
[EMAIL PROTECTED] wrote:
[13009] warn: rules: failed to run DK_POLICY_SIGNALL test, skipping:
[13009] warn: _(Can't locate object method header via package
Mail::DomainKeys::Message at
This means you didn't apply the patch to the file that SpamAssassin is
using.
[EMAIL PROTECTED] wrote:
[13009] warn: rules: failed to run DK_POLICY_SIGNALL test, skipping:
[13009] warn: _(Can't locate object method header via package
Mail::DomainKeys::Message at
This means you didn't apply the patch to the file that SpamAssassin is
using.
Hi,
spamassassin -D --lint gave me these warnings:-
[13147] warn: config: failed to parse line, skipping: rewrite_subject 1
[13147] warn: config: failed to parse line, skipping: subject_tag [SPAM]
Below is my local.cf. Where does those come about?
skip_rbl_checks 0
required_hits
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To: List [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Wednesday, November 02, 2005 2:49 AM
Subject: Re: 3.10 configure
List wrote:
Hi,
spamassassin -D --lint gave me these warnings:-
[13147] warn: config
I'd suggest:
grep subject_tag /etc/mail/spamassassin/*.cf
grep subject_tag ~/.spamassassin/user_prefs
Also, if any of the above files use an include, you need to check the
included file.
Thank you. The rule from Daniel Watts for software is the cause.
Hi again,
any solution for the below
21734] dbg: pyzor: got response: Traceback (most recent call last):\n File
/usr/bin/pyzor, line 4, in ?\npyzor.client.run()\n File
/usr/lib/python2.4/site-packages/pyzor/client.py, line 934, in run\n
ExecCall().run()\n File
I had enabled RBL checks, DCC, RAZOR2 and PYZOR running, but i still not
getting them to scan mails. It is been marked 3.1.
X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_50,FUZZY_OBLIGATION
autolearn=no version=3.1.0
But if i test it via console eg spamassassin -D -l sw.2.txt, it did
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To: List [EMAIL PROTECTED]; users@spamassassin.apache.org
Sent: Wednesday, November 02, 2005 1:31 PM
Subject: Re: rbl check not working?
At 11:46 PM 11/1/2005, List wrote:
I had enabled RBL checks, DCC, RAZOR2 and PYZOR
I upgraded to 3.1.0 (from 3.0.4) and enabled the Domainkeys plugin.
I patched it with the patch in the bugzilla #4623
(http://issues.apache.org/SpamAssassin/attachment.cgi?id=3210) as I am
using Mail::DomainKeys 0.80.
How do I patch DK using that patch? What commands?
Hi,
Is there a ruleset to block this kind of emails?
Vlaxgra - $3.3
Levintra - $3.3
Ciadlis - $3.7
Imitgrex - $16.4
Flompax - $2.2
Ultrxam - $0.78
Viosxx - $4.75
Ambqien - $2.2
Valxium - $0.97
Xanahx - $1.09
Sozma - $3
Meriidia - $2.2
our website
___
Best regards,
Online
...
One other serious hint, do NOT run this list through SpamAssassin. That
may help protect your BAYES scores from subtle shifts such as might come
if you merely have it white listed.
{^_^}
bayes_ignore_to users@spamassassin.apache.org
Paul Shupak
[EMAIL PROTECTED]
...
Hi,
Recently a lot of messages have started getting past spamassassin as
ham. They are all the same format and disguise the words by using
floating divs:
DIV style=FLOAT: left;
CBRPBRLBRUBRCBRMBRXBRVBRABRV/DIV
DIV style=FLOAT: left;
eBRrBReBRlBRIBReBRaBRABRmBRI/DIV
Is there a ruleset that
...
RE: missed by great AV programs
SEE:
http://www.pvsys.com/missedvirus.txt
This came in today and I ran this against ClamAV, McAfee, Sophos... all with
the latest definitions
(at least as of the time that I write this, 9/19/05 3:45 pm EST).
It is strange that NONE of these 3 catch this
list at IP 220.80.107.186 is:
openjab.-com A 220.80.107.186
www.openjab.-com A 220.80.107.186
pointmac.-comA 220.80.107.186
ns0.pointmac.-com A 220.80.107.186
isince.-com A 220.80.107.186
netsince.-com
...
I was surprised to get an email with a list of drugs that scored
relatively little on SA.
Apparently, the spammer cleverly divided all the words into pairs of
letters and placed each pair in the proper table cell just so that the it
all appear right (all the drug names next to their prices
The mail headers you put on your site didn't come from Yahoo! - They
came from zombie-nets operated by Leo Kuvayev (Viagra and Cialis are among
his favorite products). Yahoo! only occurs in the forged part of the
headers (tough Leo seems to like to use Yahoo/Geocities for some of his
own
...
Sorry, it still.
---
Received: from mail.indorama.com (blowfish [127.0.0.1])
by localhost.localdomain (Postfix) with ESMTP id 30451E7933
for [EMAIL PROTECTED]; Wed, 31 Aug 2005 13:08:51 +0700 (WIT)
X-Greylist: domain auto-whitelisted by SQLgrey-1.6.5
Received: from
Hi,
we received a Duden newsletter (duden is *the* spelling
rules/grammar/dictionary publisher in germany) with the header:
Received: from ds80-237-180-34.dedicated.hosteurope.de
(ds80-237-180-34.dedicated.hosteurope.de [80.237.180.34])
by netra27.desy.de (DesyMail_In_27) with ESMTP id
...
Thanks. Will have to see how to do this with postfix.
Ron
Ron Nutter [EMAIL PROTECTED]
Network Infrastructure Security Manager
Information Technology Services
in set3). That I might worry a
bit if it was false hitting.
As usual, Matt has correctly stated the situation; But another
way to view it is that RFCI is *not* a spam list (or lists) - It is a
group of lists of domains which violate particular RFCs. It just happens
that spammers
...
The first thing I've noticed after running 3.1pre1 for a few days is
that I'm getting much less bayes auto learning of ham due to the fact
that most of my messages from mailings lists fail SPF tests and get
penalized 2.4-2.6 points or so for it. They still aren't marked as
spam, but
...
Not for me...
* -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' * 2.4
SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
* [SPF failed: ] * -1.3 AWL AWL: From: address is in the auto
white-list
That is from your message...
On Aug 15, 2005, at 6:17 PM
...
Rob McEwen wrote:
I've got an idea for faster rDNS lookups.
Before I present the solution. Here is the problem...
...basically, rDNS checks are expensive. They sometimes take a few seconds
when done in real time and depend on the timeliness and of other people's
DNS servers. This 1-5
Shupak
[EMAIL PROTECTED]
P.S. The person who does most of the checking for rfci is himself German
and his email all goes through .de domains (and he does occasionally
respond on this list).
And for spam domains, IP-jumping is common...
...for well run, legitimate domains, what
you say is indeed correct
Overall, I think you actually make the case FOR my idea of artifically long
cacheing of rDNS checks. And, I think my earlier messages covered the various
scenarios.
the load on the
...
List Mail User wrote:
Certainly not (no dunce cap). Public airing of ideas generally
has merit - quite possibly this idea can be refined to something similar
that will provide a benefit (I admit, I have not given it a lot of thought).
one thing that an MTA can do is to delay its
...
It happens once in a while that I get mails with subjects like:
Subject: Re[3]: talk thread about his pills
and it contains a bunch of random char words, and lots of links to
like Eugene.subsidises.net where in the Eugene varies inside the
mail and sibidises between the mail..
So is it
...
Anyone else been seeing a lot of these come in? The text includes a
snippet about the Iran Nuclear situation and a link to a full article.
The article appears to have been pinched from elsewhere, but the page
includes javascript which appears to use a buffer overflow to load a
.hta file.
...
Is it possible to selectively disable bayes autolearning?
For example, I would like auto learning disabled for mail sent to
this mailing list since all this spam discussion and forwarded spam
snippets would probably pollute the bayses database (which probably
thinks very highly
...
E. Falk wrote:
Rob McEwen wrote:
Does anyone else consider SpamHaus's definition as too weak and believe
that
ANY unsolicited e-mail is spam, even if a personally hand-typed note?
Hmm, how about Hi, I see you have a link on your web page to my site at
XYZ. I'm moving to ABC, and would
a serial number
to each message, include in the message a cryptographic key and the serial
number, sign the message cryptographically, and then publish (e.g. on a web
page) a list of serial numbers and encrypted accounts that the emails were
sent to; If the key sent decodes the encrypted account
...
There's a rule NO_DNS_FOR_FROM which checks for an A or MX record for
the sending IP, but no similar rule checking for PTR (reverse DNS)
entries - and it's not clear to me why not.
Anyone able to enlighten me?
=20- steve
PS: I'm aware that these checks are often used at the MTA level to
in London with a Brooklyn telephone number.
The same guy who operated all the multitrade domains and the Mather Platt
domains also. Currently #3 with a bullet on Spamhaus' list.
Paul Shupak
[EMAIL PROTECTED]
Leo, you out there?
ping always works (14-18ms). telnet to port 80 comes and goes,
as does hping to port 80.
Paul Shupak
[EMAIL PROTECTED]
P.S. Just reached it again, but all links timed out and telnet began failing
again. Also, I have multiple pipes (though most end up in a single SBC
ATM
These people (adtech.de) call themselves (excuse any bad translation,
all my fault). an E-Mail solutions and on-line marketing firm. It would
seem that just like the nate. com case, the redirector is quite intentional
and it would not be unlikely that the abusers are paying customers,
...
I lately received a lot of spam that contains a URL of with an ampersand
like the following ones:
http://mwbmphqks.comuylnzptov306e74lz4hltp4l.wafddiwafd8.com.DEMUNGED/
http://wuqvqspsa.comgwvjb5hnn3f2f1zk4j.impynjimpy9.com.DEMUNGED/
generally be used when speaking of generic domains; Also,
the notation domain.tld is well understood to be an example of a
generic domain also.
In general listing the real site causing problems is good for
everyone else on the list - some will block it, others will take more
extreme action
...
FYI,
I got another receive line here that occurs only in spam, with always the
same ip-segment (not the ip-address that actually delivers the mail).
First I tagged it with SA but now I block the mail in postfix, 15% less
spam!.
Maybe somebody recognizes these lines. It's the second receive
the user not appear as sending spam? I suspect they are out of
luck for the bl rules if pacbell is on a block list.
Here are the full headers (since upgraded to 3.0.4):
From: [EMAIL PROTECTED]
Date: July 9, 2005 2:00:29 PM MST
To: [EMAIL PROTECTED]
Subject: Re: here you go
Return-Path
...
I don't see anything much wrong with the rule selections, other than I think
mr_wiggly and maybe nov2rules are pretty old, and at least mr wiggly is in
sare_specific (I believe it is) these days. I think perhaps also
domaindigits has been depreciated; but I could be wrong about that.
You
...
This is a multi-part message in MIME format.
--090502030107020101040103
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I have been trying to post to this list using my original subscriber
email address.
Unfortunately, It has been
...
jdow wrote:
From: Aecio F. Neto [EMAIL PROTECTED]
I have been trying to post to this list using my original subscriber
email address.
Unfortunately, It has been not possible up to now.
I am using a personal and secondary address to workaround a dumb rule,
assuming that all hosts under
a problem sending to.
Kai
I am!!!
The problem is with this list that does relies its technics over *not
reliable* listing services.
I know I have already said this, but the problem lies with nearly
all the Brazilian telcos, who quite willingly mark there entire DSL ranges
as dynamic
...
List Mail User [EMAIL PROTECTED] wrote on 07/14/2005 11:50:19 AM:
Remove evilnumbers.cf - check the archives for previous threads
and postings by its author (i.e. it should be delete and not used)
according
to Chris Santerra.
Paul Shupak
[EMAIL PROTECTED]
Bigevil is the bad
...
From: Kris Deugau [EMAIL PROTECTED]
jj-ml wrote:
I've received once a day a spam from [EMAIL PROTECTED]
(fidbroker.com) Since it is a french company and i live in france, i
call them (the phone number is in the spam) and tell them to stop.
They told me they will do so, but of course
...
On Tue, 05 Jul 2005 16:48:22 +
Ronan McGlue [EMAIL PROTECTED] wrote:
what is the official stance on using razor/dcc for not personal use.
I've looked at the 3.1 docs and its off by default. I cant seem to
find any liscencing info on either site. Anyone got any URLS/ info
regarding
Not using any URI tests?
% nslookup -type=any gravesides.com.multi.surbl.org b.surbl.org
Server: b.surbl.org
Address:207.166.203.146#53
Name: gravesides.com.multi.surbl.org
Address: 127.0.0.118
gravesides.com.multi.surbl.org text = Blocked, gravesides.com on lists
Hi!
I have a little problem with spam recognition. I have re-learned
SpamAssassin (deleting old file from .spamassassin directory, to clear
old information) and it worked really nice... but after few days, the
efficency of SpamAssassin degrades from 90% of spam correctly
identified to a 60%... I
...
Just got an ebay phish. The update your account info link points to
brTo update your eBay records click on the following link:
bra href=http://www.fraud-control.net/partner/ebay;
target=_blankhttp://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate/a
Loren
Compare to wamu4u. com
(it will
always and only choose the first match). Possible a [Notfound = return]
clause might be properly inserted in the list for many situations (in
particular when using NIS or NIS+).
Also, doing what I have described, greatly complicates both
the setup and maintenance of the machines which use
is:
None of the URIBLs is psychic. None can list a domain faster than it can be
reported to them. This means that some spam will arrive and not match the test.
Time of check is a factor when you talk about URIBLs. It's a MAJOR factor.
Wow, hard to find. Registered taoday at annulet.com
...
went to this barn on the weekend and was shocked by what goes on inside
http://kwiktera.com/maui/five/oh.html its pretty messed up
I'm running sa with amavis-new
Thanks a lot
Don't even have to check - kwiktera. com - Brazilian porn - name
servers currently in foracyntro34.
had it before. However, the more checks you use, the more
chances you'll be checking the list that got it reported first.
keystreams.com is not on any SURBLs currently.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
keystreams. com seems to be a legitimate hosting
[all snipped]
keystreams. com seems to be a legitimate hosting company; Which
is not to say that they are or are not spam friendly and/or have some
customers who are bad actors. They do have a five year history and seem
to themselves have been clean (unclear how many domains they own or
...
List Mail User wrote:
Again, I apologize for any implied offense - none was intended. (When
I mean to say bad things, I think that the archives will show I do not often
mince my words.) I only meant to point out I didn't do a thorough check
because none seemed to be necessary
to manually add
them all to an accept list.)
Staples has never sent an email to any unsubscribed email address of
mine, and nobody else has ever sent an email to the address I gave to
Staples.
Bob Menschel
Also, agreed; Staples is IMNSHO completely a good guy. The
ones from chetah
...
X-Originating-Server: inaccessible.scottishaccommodationindex.com
Hey, just what I want! An inaccessible Scottish Accomodation! I'll look
one right up on the web!
Loren
Looks like an idiot for an administrator; The registration data
is invalid/incorrect - but does not
[previous stuff snipped]
Loren
Loren is correct. And Jeff and I have had this conversation many times.
Jeff
would rather not risk the FPs by doing it. I can see his point. But I
agree
with Loren that we have IPs that are pure spam.
One tiny quibble. For each machine blocked
-9032
Or they might have gotten on the Staples list the same way I did:
By filling out a Staples rebate form with their email (optional) and not
checking the don't send me email box. BTW. Many of the deals in the
Staples flyer are quite good and I gladly continue to receive
://www.surbl.org/faq.html#numbered
Are there plans to offer an RBL list with the domain names
resolved into IP addresses?
Postifx does have a neat restriction to reject based on the IP address of
the
name server. You run the same risk, but I've noticed that the pr1ces, al1v3
and so on spammer has used
...
At 08:17 AM 6/3/2005, Sven Riedel wrote:
I've recently started getting spams that contain as a body the exact
same string as the subject and one URI underneath.
Is there any way to carry the result of one match forward to another?
That's tricky, but you might be able to use the fact that SA
...
Jeff Chan wrote:
Pardon the dramatic title, but hopefully it got your attention.
This guy's domain got listed by Outblaze, we removed it, and as
thanks this guy paints us as irresponsible. Please help us
straighten him out, gently:
...
I was looking at some FN that got given back to me today, and noticed
that In a lot of them the URL resolves to
61,232.205.186
This site has a very simple pornographic advert in it, that varies
dependent On the URL requested.
Is there anyway to use the lookups for these domains in a
to upgrade right now, just disable RCVD_IN_RFC_IPWHOIS
in local.cf:
score RCVD_IN_RFC_IPWHOIS 0
--
Kelson Vibber
SpeedGate Communications www.speed.net
Or switch to using the list combined-HIB.dnsiplists.completewhois.com.
(Check the page(s) at completewhois.org/completewhois.com
...
Hello List,
Thursday, May 26, 2005, 10:05:26 AM, you wrote:
LMU Though nobody seems to have said it exactly this way: It seems
LMU to be becoming very obvious that the people who say the have problems
LMU with Bayes are those who support a diverse group of users (e.g. ISPs
LMU and email
Bob,
The Staples mention was of interest since I get their weekly ads
to an account here. The very last one hit BAYES_50, but all the others
were from BAYES_00 to (from a 3.0.1 install) BAYES_44. - Most were BAYES_20
(I looked back 4 months - how long that account's mail is kept
Just to keep up; pictilpict4. com is the multitrade group, who now
calls themselves omnicorporation. biz (since every domain with multitrade
in its name has been suspended).
These guys are *very* good at finding techniques to beat both SA
and the SpamCop parser, but they don't
Hi,
Anyone know of a open sourceproject which can
create and manage an email blacklist and also run using qmail, rblsmtpd and even
SpamAssassin rules.
thanks
communication.
If my supposition is correct, the question then becomes: Can using
personal (i.e. per user) Bayes overcome the problems which some users/sites
see? I'm not sure how to test this - certainly I couldn't myself, but maybe
some of the other members of this list are able
a bad postmaster
policy! and I was even able to recieve mail from a company that was listed as
an open-proxy as long as the mail itself wasn't proxied spam.
Quoting List Mail User [EMAIL PROTECTED]:
You could ask them to request removal from the rfci whois list, I only
assign a couple of points
...
List Mail User wrote:
Legitimate domains will use wildcards for 'NS', 'MX' and even
occasionally for some more obscure records, but an 'A' or 'CNAME'
record is nearly always a spammer.
Do you have any statistics for that? I administer plenty of domains
that have wildcard A records
...
From: Keith Ivey [EMAIL PROTECTED]
List Mail User wrote:
Legitimate domains will use wildcards for 'NS', 'MX' and even
occasionally for some more obscure records, but an 'A' or 'CNAME'
record is nearly always a spammer.
Do you have any statistics for that? I administer plenty
...
This rule seems nearly as bad an idea as the one someone suggested a
while back that would penalize everyone who uses a middle initial in
their From: line.
FWIW, I've been running that rule since before it was mentioned on the list,
and it is still moderately useful. It does hit ham
...
Loren Wilton wrote:
FWIW, I've been running that rule [checking for middle initial in
From] since before it was mentioned on the list, and it is still
moderately useful. It does hit ham, but at one point or however I
have it scored that isn't significant. On the other hand, that point
if their own
site or domain hits any proposed rule - look at Hotmail, Lycos or even
the headers on people's list postings and see how many hit rules with
low score values (in particular the DNS_..ABUSE and DNS_..POST rules).
To be a spammer, you have to hit a lot of rules - a good example I got
...
Quoting List Mail User [EMAIL PROTECTED]:
maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
particular do you have problems with ISPs like AOL?). Also, I'm not sure
if my own servers would accept mail from a host like that - It would depend
on the HELO/EHLO
...
List Mail User wrote:
Also, just curious, but do you have problems with the forward
and reverse DNS of you mail servers not mapping together (ex.
mail.dailykos.com
maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
particular do you have problems with ISPs
...
Hi, this is [EMAIL PROTECTED] ... using an alternate email
address to be sure you'd get it. Reply to that address - it may take
forever for me to read this one!
The original message was sent both to you and the list, so you got it
already through the list. Also, it possibly would have
and easily evaded.
- - more importantly, the results weren't very good. ;) Not as good as
URIBL_SBL and the SURBL rules, at least. iirc, the hits mapped very
closely to URIBL_SBL, esp since Spamhaus explicitly list nameservers of
spammed domains.
The details should be on bugzilla somewhere
...
A similar idea, without the back-channel flaw is to test the
domain for either 'CNAME' or 'A' record `wildcards' (as in the command
dig '*.spammer_domain.tld' a and dig '*.spammer_domain.tld' cname).
This is an excellent spam sign (the host portion of the name is often
mapped back
- Original Message -
From: Raymond Dijkxhoorn [EMAIL PROTECTED]
To: wolfgang [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Sunday, May 15, 2005 9:31 PM
Subject: Re: Bombarded by German political spam
Hi!
it uses a score of 8 and /i - anyway, it might save you some
...
Hi,
I believe treatment of certain diseases should be left to physicians,
rather than to spam mails. The unique collection of dissimilar illnesses should
make for a good rule :)
Wolfgang
begin spam
The New Breakthrough of The Antidote
PROVEN FORMULA Not available in any retail
...
On Sat, 21 May 2005 16:06:25 -0700 (PDT) List Mail User wrote:
Follow the trail; Chris Terrebonne's NFP Inc. - snakeoil and
spam/scammers of Slidell, LA - (985) 726-0928. They've been around a very
long time (domains change weekly, but a few constants like remain
Just a little more history on Chris Terrebonne: The page at
http://www.ipswitch.com/support/utilities.html
has a list of tools used to harvest email accounts and user names written
by Chris Terrebonne (though quite a while ago, and most are no longer
available - reasons not given
...
...
whitelist at surbl dot org
Jeff, thanks for the submission address, i'll send a Bcc there and also post
the list below to uribl's submission form.
frankly, i find it too much effort to check if they are blacklisted, so i will
just list some more german domains that i consider worth
...
Hi all
Using SA 3.0.3 with most of the SARE rules, pyzor, all the SURBL.org
URI-RBLS etc etc along with a few extras.
We got alot lof spam this weekend where the URL was interestingly
obsfucated. here's an example or two..
a
...
wolfgang wrote:
In an older episode (Sunday 15 May 2005 12:44), Raymond Dijkxhoorn wrote:
Hi!
Anyone has a full list of subjects yet, time to do some SA magic... ;)
I have quite a few, here is the subjects list:
Subject: 4,8 Mill. Osteuropaeer durch Fischer-Volmer Erlass
Subject: Auf
.
If some sites on the list happen to have invalid registrations, then it is
probablytheir fault
Wolfgang Hamann
Wolfgang,
What you say make too much sense to be ignored. Since, I am playing
catch-up with my email, this may have already been addressed; But, I
can not speak
Wolfgang,
On a related note; Having just seen the first such email at my site
(it wasn't delivered), I'm assuming the the npd. de is the actual political
party itself? If so, their paper work is squeaky clean, even the name servers'
domains are clean; The best I could do was
...
--nextPart12555236.45TTRGDWuC
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Saturday 14 May 2005 18:30, List Mail User wrote:
[...]
Just to keep up; aeroseddicc. com is another multitrade group
domain. Note
Just to keep up with listing the spam gangs; coolestrxever. com
belongs to the taiwantelco/taiwanmedial group. (and is one of their fake
Beverly Hills 90210/90211 addresses). BTW. The latest registrations have
moved back to Turkey (where they started), but use a Pakistani cellular
phone
Thanks Matt, a new multitrade domain, pics-4-showMUNGED.com. Even
with private registration, it is using a set of their private name servers.
Paul Shupak
[EMAIL PROTECTED]
201 - 300 of 385 matches
Mail list logo
