-Original Message-
From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 04, 2007 4:08 AM
To: users@spamassassin.apache.org
Subject: Re: hallmark greeting card spam and broken spf records.
On Friday 03 August 2007, Michael Scheidell wrote:
(yes, spf
Michael Scheidell wrote:
#2, hallmark ITSELF has broken spf records (componds the problem)
That IS the problem as I understand it. It appears that Hallmark has
made a legitimate effort to publish an accurate SPF record identifying
their systems. Unfortunately the record is unnecessarily
On Fri, Aug 03, 2007 at 11:17:30PM +0200, Matus UHLAR - fantomas wrote:
also, not everyone is using SARE rules, and I think that until SA devels
won't trust them to include them into SA, many admins will not install them.
On 03.08.07 18:14, Theo Van Dinter wrote:
fwiw, it has nothing to do
On Friday 03 August 2007, Michael Scheidell wrote:
(yes, spf is broken) especially when companies like hallmark, who know
they are being used as 'phishing' targets list the whole world as
authoritative mail servers.
That does not mean spf is broken. MX is not broken when someone sets his
Rocco Scappatura wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
All of the ones I have received have a url with a numeric ip, followed
by usually a 32 character string in the url (MD5 hash?).
Here is my rule
Duane Hill wrote:
There is already a test SA does for a dotted-decimal IP in a URL:
Yeah, I was afraid of false positives by raising the score of that rule.
So I made my own rule that only matches these specific urls (with the
MD5 sum) instead.
Regards,
Michael Schout
On Fri, 3 Aug 2007 at 08:03 -0500, [EMAIL PROTECTED] confabulated:
Rocco Scappatura wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
All of the ones I have received have a url with a numeric ip, followed
by
(yes, spf is broken) especially when companies like hallmark, who know
they are being used as 'phishing' targets list the whole world as
authoritative mail servers.
I say damn them all, blacklist hallmark till they at least fix their spf
records: (i suspect its the :12 9 )? shb a period?
on
On Fri, 2007-08-03 at 13:26 -0400, Michael Scheidell wrote:
(yes, spf is broken) especially when companies like hallmark, who know
they are being used as 'phishing' targets list the whole world as
authoritative mail servers.
I say damn them all, blacklist hallmark till they at least fix
On Fri, 3 Aug 2007, Michael Scheidell wrote:
Subject: [SPAM]You have recieved a Hallmark E-Card !
http://www.impsec.org/~jhardin/antispam/postcards.cf has been updated
for this subject line, and also for some new domain names.
--
John Hardin KA7OHZ
On Fri, 3 Aug 2007, Michael Schout wrote:
Here is my rule that traps them. I have not seen any get through
after this:
body LOCAL_POSTCARD_URL m'http://\d+\.\d+\.\d+\.\d+/\?[0-9a-f]{8,}'
describe LOCAL_POSTCARD_URL Body contains postcard scam url
scoreLOCAL_POSTCARD_URL 3.0
-Original Message-
From: McDonald, Dan [mailto:[EMAIL PROTECTED]
Sent: Friday, August 03, 2007 2:45 PM
To: users@spamassassin.apache.org
Subject: Re: hallmark greeting card spam and broken spf records.
On Fri, 2007-08-03 at 13:26 -0400, Michael Scheidell wrote:
(yes, spf
Rocco Scappatura schrieb:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
On 03.08.07 17:51, arni wrote:
I
On Fri, Aug 03, 2007 at 11:17:30PM +0200, Matus UHLAR - fantomas wrote:
also, not everyone is using SARE rules, and I think that until SA devels
won't trust them to include them into SA, many admins will not install them.
fwiw, it has nothing to do with trust. SA (and all the rules, etc,)
are
On Friday 03 August 2007, Michael Scheidell wrote:
(yes, spf is broken) especially when companies like hallmark, who know
they are being used as 'phishing' targets list the whole world as
authoritative mail servers.
I say damn them all, blacklist hallmark till they at least fix their spf
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
BR,
rocsca
On Tue, Jul 31, 2007 at 10:03:30AM +0200, Rocco Scappatura wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
On Tuesday 31 July 2007, Rocco Scappatura wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
Mine stops it fine.
Rocco wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
Hi Rocco,
those I looked at all had a numeric ip in the
Rocco Scappatura escribió:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
BR,
rocsca
I asked something about
20 matches
Mail list logo