On Mar 31, 2018, at 4:52 AM, Pedro David Marco wrote:
>
> Amir, can you provide any pastebin sample, please?
I thought it was relatively self-explanatory, but I'm talking about names very
much like the ones that Rich Wales included in his recent email (subject: "Spam
Following up on this... I've been consistently seeing a lot of spam like this,
with multi-dot usernames. Sometimes with "person.from.spam" but more often
just a punctuated phrase like "some.spammy.item.sold" or whatever. Most often
only two dots (three words), sometimes four or more.
Has
On Mon, 5 Mar 2018, Amir Caspi wrote:
On Mar 5, 2018, at 11:13 PM, John Hardin wrote:
*before* the @ sign.
It may be perfectly valid to do that, but if it happens more often in spam than
in legitimate mail it is useful to us.
I’m seeing a lot of spam lately with
On Mar 5, 2018, at 11:13 PM, John Hardin wrote:
>
> *before* the @ sign.
>
> It may be perfectly valid to do that, but if it happens more often in spam
> than in legitimate mail it is useful to us.
I’m seeing a lot of spam lately with usernames like
On Tue, 6 Mar 2018, Benny Pedersen wrote:
Pedro David Marco skrev den 2018-03-06 06:22:
header __ODD_FROM_SPAM From:addr =~ /.{1,20}\..{1,20}\..{1,20}@/
Sorry for spoiling the party, David, but i have seen many valid email
addresses with two dots inside.
users@spamassassin.apache.org
:-)
On 5 Mar 2018, at 15:14, David Jones wrote:
FYI This could be something for KAM.cf potentially...
I have seen a few of these this morning that would be scoring just
under the default SA threshold of 5.0 and are just under my
MailScanner 6.0 threshold.
https://pastebin.com/r2eZJaef
I am
Pedro David Marco skrev den 2018-03-06 06:22:
header __ODD_FROM_SPAM From:addr =~ /.{1,20}\..{1,20}\..{1,20}@/
Sorry for spoiling the party, David, but i have seen many valid email
addresses with two dots inside.
users@spamassassin.apache.org
:-)
>header __ODD_FROM_SPAM From:addr =~ /.{1,20}\..{1,20}\..{1,20}@/
Sorry for spoiling the party, David, but i have seen many valid email addresses
with two dots inside.
PedroD
On 03/05/2018 05:46 PM, Alex wrote:
Hi,
On Mon, Mar 5, 2018 at 3:14 PM, David Jones wrote:
FYI This could be something for KAM.cf potentially...
I have seen a few of these this morning that would be scoring just under the
default SA threshold of 5.0 and are just under my
Hi,
On Mon, Mar 5, 2018 at 3:14 PM, David Jones wrote:
> FYI This could be something for KAM.cf potentially...
>
> I have seen a few of these this morning that would be scoring just under the
> default SA threshold of 5.0 and are just under my MailScanner 6.0 threshold.
>
>
On Mon, 5 Mar 2018 14:39:54 -0600
David Jones wrote:
> On 03/05/2018 02:14 PM, David Jones wrote:
> > FYI This could be something for KAM.cf potentially...
> >
> > I have seen a few of these this morning that would be scoring just
> > under the default SA threshold of 5.0 and are just under my
David Jones skrev den 2018-03-05 21:39:
https://pastebin.com/YMx8V1J7
They have some bayes-busting text in there. Maybe the URIBLs (IVM)
will catch up to these and block them soon.
SPF_HELO_PASS && SPF_PASS && !DMARC_PASS
not spam ?
note dmarc pass can be done with a spf pass
On 03/05/2018 02:14 PM, David Jones wrote:
FYI This could be something for KAM.cf potentially...
I have seen a few of these this morning that would be scoring just under
the default SA threshold of 5.0 and are just under my MailScanner 6.0
threshold.
https://pastebin.com/r2eZJaef
I am
FYI This could be something for KAM.cf potentially...
I have seen a few of these this morning that would be scoring just under
the default SA threshold of 5.0 and are just under my MailScanner 6.0
threshold.
https://pastebin.com/r2eZJaef
I am reporting these to Spamcop but new waves of
14 matches
Mail list logo