Re: Irony

2011-02-15 Thread J4K
Not a chance. 

Philip Prindeville philipp_s...@redfish-solutions.com wrote:

On 2/7/11 1:28 AM, Matus UHLAR - fantomas wrote:

On Tue, 1 Feb 2011 09:49:36 -0500
Michael Scheidell michael.scheid...@secnap.com wrote:

because HELO doesn't match RDNS.

On 01.02.11 09:54, David F. Skoll wrote:

Rejecting on that basis would also cause tons of false-positives.

It's also violation of all SMTP RFCs (former and current), because they
explicitly say that the sender MUST NOT reject smtp session just because
HELO string does not match resolved FQDN.

Does anyone else reject messages where the rDNS maps to more than one PTR
record?



Re: Irony

2011-02-14 Thread Philip Prindeville

On 2/7/11 1:28 AM, Matus UHLAR - fantomas wrote:

On Tue, 1 Feb 2011 09:49:36 -0500
Michael Scheidell michael.scheid...@secnap.com  wrote:


because HELO doesn't match RDNS.

On 01.02.11 09:54, David F. Skoll wrote:

Rejecting on that basis would also cause tons of false-positives.

It's also violation of all SMTP RFCs (former and current), because they
explicitly say that the sender MUST NOT reject smtp session just because
HELO string does not match resolved FQDN.



Does anyone else reject messages where the rDNS maps to more than one PTR 
record?




Re: Irony

2011-02-07 Thread Matus UHLAR - fantomas
 On Tue, 1 Feb 2011 09:49:36 -0500
 Michael Scheidell michael.scheid...@secnap.com wrote:
 
  because HELO doesn't match RDNS.

On 01.02.11 09:54, David F. Skoll wrote:
 Rejecting on that basis would also cause tons of false-positives.

It's also violation of all SMTP RFCs (former and current), because they
explicitly say that the sender MUST NOT reject smtp session just because
HELO string does not match resolved FQDN.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you. 


Re: RFC-Ignorant (was Re: Irony)

2011-02-04 Thread Giles Coochey

On 03/02/2011 22:51, Adam Moffett wrote:


That's an interesting point of view.  It was suggested on this list 
fairly recently to publish a fake secondary MX as a way to reduce 
spam.  The stated reason being that some spamming software hits the 
backup MX first and if that doesn't work will give up without trying 
any others.


I realize that can be done without using a 127 or RFC 1918 address, 
but some people are doing it that way.


Out of curiosity, did you start blocking those because you saw that as 
a pattern in spam email or is it more a matter of principle?


Although the fake-MX was discussed I think the discussion included a 
caveat that if you are going to use a fake-MX you need to use it for an 
IP address that is allocated and is controlled by you. Otherwise you 
open up the potential for real mail to do very strange things!!!
Use of a BOGON address might have been an idea, as long as it wasn't a 
BOGON that had special uses (e.g. RFC1918), however, there are no such 
BOGONs left anymore... the last allocatable IPs were given out this very 
week.


--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey







Re: RFC-Ignorant (was Re: Irony)

2011-02-04 Thread Michael Scheidell

On 2/4/11 4:54 AM, Giles Coochey wrote:

to use it for an IP address that is allocated and is controlled by you. O

I think the ip of your router might work.  as long as
a) you never have an ip on it
b) you don't load 'hits' on it to dshield.
your dns server, the ip of your outbound nat (as long as it would never 
answer port 25), etc


yes, selecting a RANDOM ip would be bad.  someone might put an smtp 
server on that ip.
allowing anyone who is NOT under contract to you to potentially access 
your inbound email could violate privacy laws in several geopolitical 
regions.


--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
*| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best in Email Security,2010: Network Products Guide
   * King of Spam Filters, SC Magazine 2008

__
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
__  


Re: RFC-Ignorant (was Re: Irony)

2011-02-04 Thread mouss
On 03/02/2011 22:51, Adam Moffett wrote:
 
 That's good.  The only useful list (BogusMX) can be discovered without
 querying rfc-ignorant anyway.  Just get the MX records for the sending
 domain (which are almost certainly in cache) and make sure they resolve
 to real IP addresses.

 We reject domains that publish MX records in 127/8 or the RFC 1918
 networks.  Out of 3.7 million recent messages, we have rejected just
 over 26,000 for this reason.  There may be FPs, but no-one has
 complained and anyone who publishes such an MX record IMO deserves
 to be banned.

 Regards,

 David.
 
 That's an interesting point of view.  It was suggested on this list
 fairly recently to publish a fake secondary MX as a way to reduce spam. 
 The stated reason being that some spamming software hits the backup MX
 first and if that doesn't work will give up without trying any others.
 
 I realize that can be done without using a 127 or RFC 1918 address, but
 some people are doing it that way.
 
 Out of curiosity, did you start blocking those because you saw that as a
 pattern in spam email or is it more a matter of principle?
 

I'd say both. we're in war against spammers. if non-spammers take a
spammer attitude, then they are part of the problem.

if you want to catch silly ratware, then
- make your MX different from the A of your domain. some ratware will
connect to your A record.
- change your MX from time to time. some ratware resolves the MX
before deployment
- setup a real second MX that defers all mail. sure you'll also block
qmail, but is that really a problem?




Re: RFC-Ignorant (was Re: Irony)

2011-02-03 Thread Warren Togami Jr.

On 2/2/2011 7:45 AM, John Levine wrote:

RFC Ignorant is deep into kook territory, as should be apparent if you
look at which RFCs they expect people to follow, and what their
definition of follow is.

abuse.net has been listed for years, since there is an autoresponder
on ab...@abuse.net, and I've never noticed any delivery problems.

One time I asked if they'd delist me if I got rid of the autoresponder
and just threw all the abuse mail away.  Yes.  QED.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly


https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6526
We finally agreed that rfc-ignorant.org is useless, or slightly more 
harmful than good.  Spamassassin will be disabling these rules by 
default sometime soon.


http://www.spamtips.org/2011/01/disable-rfc-ignorantorg-rules.html
You can disable these rules with this config and avoid a useless DNS 
query on every mail scan.


Warren


Re: RFC-Ignorant (was Re: Irony)

2011-02-03 Thread David F. Skoll
On Thu, 03 Feb 2011 10:42:27 -1000
Warren Togami Jr. wtog...@gmail.com wrote:

 https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6526
 We finally agreed that rfc-ignorant.org is useless, or slightly more 
 harmful than good.  Spamassassin will be disabling these rules by 
 default sometime soon.

That's good.  The only useful list (BogusMX) can be discovered without
querying rfc-ignorant anyway.  Just get the MX records for the sending
domain (which are almost certainly in cache) and make sure they resolve
to real IP addresses.

We reject domains that publish MX records in 127/8 or the RFC 1918
networks.  Out of 3.7 million recent messages, we have rejected just
over 26,000 for this reason.  There may be FPs, but no-one has
complained and anyone who publishes such an MX record IMO deserves
to be banned.

Regards,

David.


Re: RFC-Ignorant (was Re: Irony)

2011-02-03 Thread Adam Moffett



That's good.  The only useful list (BogusMX) can be discovered without
querying rfc-ignorant anyway.  Just get the MX records for the sending
domain (which are almost certainly in cache) and make sure they resolve
to real IP addresses.

We reject domains that publish MX records in 127/8 or the RFC 1918
networks.  Out of 3.7 million recent messages, we have rejected just
over 26,000 for this reason.  There may be FPs, but no-one has
complained and anyone who publishes such an MX record IMO deserves
to be banned.

Regards,

David.


That's an interesting point of view.  It was suggested on this list 
fairly recently to publish a fake secondary MX as a way to reduce spam.  
The stated reason being that some spamming software hits the backup MX 
first and if that doesn't work will give up without trying any others.


I realize that can be done without using a 127 or RFC 1918 address, but 
some people are doing it that way.


Out of curiosity, did you start blocking those because you saw that as a 
pattern in spam email or is it more a matter of principle?




Re: RFC-Ignorant (was Re: Irony)

2011-02-03 Thread David F. Skoll
Ha!  I tried posting some log lines and they
got rejected because of SURBL hits! :)

Here goes again...  remove the capital X from domain names and IP addresses :)

On Thu, 03 Feb 2011 16:51:15 -0500
Adam Moffett adamli...@plexicomm.net wrote:

 That's an interesting point of view.  It was suggested on this list 
 fairly recently to publish a fake secondary MX as a way to reduce
 spam. The stated reason being that some spamming software hits the
 backup MX first and if that doesn't work will give up without trying
 any others.

Right, but if you use an RFC-1918 address and your main MX's are down
for some reason, your mail might end up in some stranger's hands...
think about it.

 Out of curiosity, did you start blocking those because you saw that
 as a pattern in spam email or is it more a matter of principle?

Definitely a spam pattern.  Some logs with private info scrubbed
(these all publish an MX resolving to 127.0.0.1):

2011-01-03T00:04:18.230501-05:00
p0354G2P030889: what=rejected, city=Ludhiana, country_code=IN,
detail=127.0.0.1;127.0.0.1, reason=bogus-mx, relay=117X.199X.111X.187X,
sender=talky479187decont...@partenairex-entreprisex.frx

2011-01-03T08:03:36.235357-05:00
p03D3Y9k030611: what=rejected, city=Johannesburg, country_code=ZA,
detail=127.0.0.1, reason=bogus-mx, relay=196X.215X.88X.81X,
sender=viagra.pro@mblnewsx.dex

2011-01-03T08:04:03.403712-05:00
p03D42YQ030797: what=rejected, city=Caransebes, country_code=RO,
detail=127.0.0.1, reason=bogus-mx, relay=89X.123X.32X.95X,
sender=cannery393905extradita...@northwest-winex.comx

Those all look pretty spammy to me.  We also see some that publish
an MX resolving to 255.255.255.255.  Even the RFC-1918 ones look
pretty bogus to me from our logs.  Example:

2011-01-06T03:27:39.901570-05:00
p068RbjC030855: what=rejected, country_code=GB, detail=172.31.32.250,
reason=bogus-mx, relay=109X.169X.41X.89X,
sender=esantaf...@hitlocodirectx.comx

Regards,

David.
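
The bogus-MX test described in this post, as an added example that is not part of the original message or of the poster's filter. It classifies resolved MX addresses against 127/8, the RFC 1918 networks and 255.255.255.255, then tallies `reason=bogus-mx` rejections from log lines in the format shown above. The log lines, relay addresses and sender domains are constructed, and flagging a domain when any one MX address is bogus is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Ranges a public MX should never resolve to. 127/8 and the RFC 1918 networks
# are the ones named in the thread; 255.255.255.255 is the other value the
# post reports seeing in its logs.
BOGUS_NETS = {
    "loopback": ("127.0.0.0/8",),
    "rfc1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "broadcast": ("255.255.255.255/32",),
}
BOGUS_NETS = {label: [ipaddress.ip_network(n) for n in nets]
              for label, nets in BOGUS_NETS.items()}


def classify_mx_address(addr):
    """Return the bogus category of one resolved MX address, or None if public."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return "unparseable"
    for label, nets in BOGUS_NETS.items():
        if any(ip in net for net in nets):
            return label
    return None


def find_bogus_mx(resolved):
    """Map each bogus address among a domain's resolved MX addresses to its
    category. Assumption: one bogus entry is enough to flag the domain."""
    found = {}
    for addr in resolved:
        label = classify_mx_address(addr)
        if label:
            found[addr] = label
    return found


# "<timestamp> <queue-id>: key=value, key=value, ..." as in the post's logs.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<qid>\S+):\s+(?P<fields>.+)$")


def parse_log_line(line):
    """Split one log record into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "qid": m.group("qid")}
    for part in m.group("fields").split(", "):
        key, sep, value = part.partition("=")
        if sep:
            rec[key.strip()] = value.strip()
    return rec


def summarize_bogus_mx(lines):
    """Count bogus-mx rejections per category, one count per message."""
    tally = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if not rec or rec.get("reason") != "bogus-mx":
            continue
        # detail= carries the offending addresses, separated by ';'
        addrs = [a for a in rec.get("detail", "").split(";") if a]
        for category in {classify_mx_address(a) or "public" for a in addrs}:
            tally[category] += 1
    return tally


# Constructed sample records (documentation addresses and example domains).
SAMPLE_LOG = [
    "2011-01-03T00:04:18.230501-05:00 q0000001: what=rejected, country_code=ZZ, "
    "detail=127.0.0.1;127.0.0.1, reason=bogus-mx, relay=192.0.2.10, sender=a@spam.example",
    "2011-01-03T08:03:36.235357-05:00 q0000002: what=rejected, country_code=ZZ, "
    "detail=127.0.0.1, reason=bogus-mx, relay=192.0.2.11, sender=b@spam.example",
    "2011-01-06T03:27:39.901570-05:00 q0000003: what=rejected, country_code=ZZ, "
    "detail=172.31.32.250, reason=bogus-mx, relay=198.51.100.7, sender=c@spam.example",
    "2011-01-06T04:00:00.000000-05:00 q0000004: what=rejected, country_code=ZZ, "
    "detail=255.255.255.255, reason=bogus-mx, relay=198.51.100.8, sender=d@spam.example",
    "2011-01-06T04:01:00.000000-05:00 q0000005: what=accepted, "
    "relay=203.0.113.5, sender=list@example.org",
]

if __name__ == "__main__":
    for category, count in sorted(summarize_bogus_mx(SAMPLE_LOG).items()):
        print(category, count)
```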


Re: RFC-Ignorant (was Re: Irony)

2011-02-02 Thread Joseph Brennan


David F. Skoll d...@roaringpenguin.com wrote:


The battle raged for a while, but eventually we were delisted.
(We block mail from <> to postmas...@roaringpenguin.com because we never,
ever send mail from postmas...@roaringpenguin.com)



We do the same for postmas...@columbia.edu for the same reason, and I
don't think we got listed.



Back to go:

$ host 140.211.11.3
3.11.211.140.in-addr.arpa domain name pointer hermes.apache.org.

$ host hermes.apache.org
hermes.apache.org has address 140.211.11.3

Nothing wrong there. The host says helo mail.apache.org and...

$ host mail.apache.org
mail.apache.org has address 140.211.11.3

If you're going to verify HELO, you need to look up the name given in
the HELO. Whether the cost of a lookup is worth the benefit is a bit
questionable.

We score for impossible HELO names, like name with no dot. Those are
usually home Windows boxes, but look out, they can also be hosts at
small organizations with overworked or newbie system admins. I would
not block outright for that. As David said, lots of fps await.



Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology
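
The HELO checks discussed in this post, as an added example that is not part of the original message. It contrasts comparing the HELO string with the rDNS name against looking up the HELO name itself, and scores rather than rejects. The DNS answers are the ones from the `host` output above, served from an in-memory table so the code runs offline. The 1.2 weight is the no-rDNS score quoted elsewhere in the thread; the other weights, the function names and the `192.0.2.77` client are assumptions.

```python
import ipaddress

# DNS answers copied from the `host` output in the post above; the resolver
# functions below are stand-ins so the example runs without network access.
FORWARD = {
    "hermes.apache.org": ["140.211.11.3"],
    "mail.apache.org": ["140.211.11.3"],
}
REVERSE = {"140.211.11.3": ["hermes.apache.org"]}

# 1.2 is the no-rDNS score quoted in the thread; the other two weights are
# made up for illustration.
SCORES = {"no_rdns": 1.2, "helo_no_dot": 1.0, "helo_not_confirmed": 0.5}


def norm(name):
    """Lower-case a host name and drop any trailing root dot."""
    return name.strip().lower().rstrip(".")


def resolve_a(name):
    return FORWARD.get(norm(name), [])


def resolve_ptr(ip):
    return REVERSE.get(ip, [])


def same_ip(a, b):
    """Compare two textual addresses as addresses, not as strings."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def helo_equals_rdns(client_ip, helo, ptr=resolve_ptr):
    """The string comparison that bounced the list mail: HELO vs. PTR name."""
    return norm(helo) in {norm(n) for n in ptr(client_ip)}


def helo_resolves_to_client(client_ip, helo, a=resolve_a):
    """Look up the name given in HELO and check it maps to the client."""
    return any(same_ip(client_ip, addr) for addr in a(helo))


def score_connection(client_ip, helo, a=resolve_a, ptr=resolve_ptr):
    """Return (findings, score). Nothing here rejects; it only adds points."""
    findings = []
    if not ptr(client_ip):
        findings.append("no_rdns")
    helo = helo.strip()
    if helo.startswith("[") and helo.endswith("]"):
        # Address literal such as [192.0.2.77]: compare it to the peer address.
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        if not same_ip(client_ip, literal):
            findings.append("helo_not_confirmed")
    elif "." not in norm(helo):
        # "Impossible" HELO name: a bare label with no dot.
        findings.append("helo_no_dot")
    elif not helo_resolves_to_client(client_ip, helo, a):
        findings.append("helo_not_confirmed")
    return findings, round(sum(SCORES[f] for f in findings), 2)


if __name__ == "__main__":
    ip, helo = "140.211.11.3", "mail.apache.org"
    print("HELO equals rDNS name:  ", helo_equals_rdns(ip, helo))
    print("HELO resolves to client:", helo_resolves_to_client(ip, helo))
    print("score:", score_connection(ip, helo))
    print("score:", score_connection("192.0.2.77", "WINBOX"))
```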



Re: RFC-Ignorant (was Re: Irony)

2011-02-02 Thread John Levine
RFC Ignorant is deep into kook territory, as should be apparent if you
look at which RFCs they expect people to follow, and what their
definition of follow is.

abuse.net has been listed for years, since there is an autoresponder
on ab...@abuse.net, and I've never noticed any delivery problems.

One time I asked if they'd delist me if I got rid of the autoresponder
and just threw all the abuse mail away.  Yes.  QED.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly


Re: Irony

2011-02-02 Thread Michelle Konzack
Hello Danita Zanre,

On 2011-02-01 07:30:19, you hacked out the following:
 Messages from this list have been bouncing since I started enforcing
 Reverse DNS lookups on my server.

That's interesting, because my Courier-MTA does it too and it does not
bounce a single message from this list since years, but several 100.000
spams per day.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL   itsystems@tdnet UG (limited liability)
Owner Michelle KonzackOwner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France   77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

http://www.itsystems.tamay-dogan.net/  http://www.flexray4linux.org/
http://www.debian.tamay-dogan.net/ http://www.can4linux.org/

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/




Re: Irony

2011-02-02 Thread Michelle Konzack
Hello Giles Coochey,

On 2011-02-01 15:46:05, you hacked out the following:
 Personally, rejecting a message on the basis of a single criteria is
 pretty harsh. You don't need to be the RFC-police to catch nearly
 all spam and I'm sure that rejecting on a single issue or dubious
 fact will affect the receipt of genuine non-SPAM messages.

Sorry, but if I would not reject on wrong rDNS, I have to bother
spamassassin with around 700.000 additional spams per day. I am
currently using a MTA-proxy and 4 INBOUND MTAs (Dual-Xeon 3 GHz) to get
rid of the spams.

And the inbound-proxy reject already additional based on ZEN responses.
(own caching DNS required otherwise spamhaus would blacklist you)

This gives around 6-8 million rejects per day.

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Re: RFC-Ignorant (was Re: Irony)

2011-02-02 Thread Michelle Konzack
Hello David F. Skoll,

On 2011-02-01 10:02:50, you hacked out the following:
 The battle raged for a while, but eventually we were delisted.
 (We block mail from <> to postmas...@roaringpenguin.com because we never,
 ever send mail from postmas...@roaringpenguin.com)

Hmmm, if you could know, how to block this kind of messages on
courier-mta, because since some month I receive per day more than 500
spams on postmaster, listmaster and abuse, where my response mails
are completely different.

 Regards,
 David.

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Irony

2011-02-01 Thread Danita Zanre
Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.

Danita




Re: Irony

2011-02-01 Thread Giles Coochey

On 01/02/2011 15:30, Danita Zanre wrote:

Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.

Danita


Why???

Default Server:  cache0201.ns.eu.uu.net
Address:  193.79.237.39

 hermes.apache.org
Server:  cache0201.ns.eu.uu.net
Address:  193.79.237.39

Non-authoritative answer:
Name:hermes.apache.org
Address:  140.211.11.3

 140.211.11.3
Server:  cache0201.ns.eu.uu.net
Address:  193.79.237.39

Name:hermes.apache.org
Address:  140.211.11.3



--
Best Regards,

Giles Coochey


Re: Irony

2011-02-01 Thread Ralf Hildebrandt
* Danita Zanre dan...@caledonia.net:
 Messages from this list have been bouncing since I started enforcing
 Reverse DNS lookups on my server.

Enforce how exactly?
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Irony

2011-02-01 Thread David F. Skoll
On Tue, 01 Feb 2011 07:30:19 -0700
Danita Zanre dan...@caledonia.net wrote:

 Messages from this list have been bouncing since I started enforcing
 Reverse DNS lookups on my server.

The irony is that you think that's a good idea.

-- David.


Re: Irony

2011-02-01 Thread Randy Ramsdell

David F. Skoll wrote:

On Tue, 01 Feb 2011 07:30:19 -0700
Danita Zanre dan...@caledonia.net wrote:


Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.


The irony is that you think that's a good idea.

-- David.


Not sure. If our mail servers did not have reverse, we would be rejected 
all over the place. Seems like a common setting. Or is it?


RCR


Re: Irony

2011-02-01 Thread Giles Coochey

On 01/02/2011 15:43, Randy Ramsdell wrote:


Not sure. If our mail servers did not have reverse, we would be 
rejected all over the place. Seems like a common setting. Or is it?



Personally, rejecting a message on the basis of a single criteria is 
pretty harsh. You don't need to be the RFC-police to catch nearly all 
spam and I'm sure that rejecting on a single issue or dubious fact will 
affect the receipt of genuine non-SPAM messages.



--
Best Regards,

Giles Coochey


Re: Irony

2011-02-01 Thread Michael Scheidell

On 2/1/11 9:34 AM, Giles Coochey wrote:

On 01/02/2011 15:30, Danita Zanre wrote:

Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.

Danita


Why???



Received: from mail.apache.org (hermes.apache.org [140.211.11.3])   

because HELO doesn't match RDNS.



--
Michael Scheidell, CTO


Re: Irony

2011-02-01 Thread David F. Skoll
On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdell rramsd...@activedg.com wrote:

 Not sure. If our mail servers did not have reverse, we would be
 rejected all over the place. Seems like a common setting. Or is it?

Microsoft Windows is very common, but that doesn't make it a good idea.

We add a small score [1.2 points, to be precise] for sending relays that
lack reverse-DNS.  I can guarantee we'd get a high number of false-positives
if we outright rejected such relays.

Regards,

David.


Re: Irony

2011-02-01 Thread Randy Ramsdell

David F. Skoll wrote:

On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdell rramsd...@activedg.com wrote:


Not sure. If our mail servers did not have reverse, we would be
rejected all over the place. Seems like a common setting. Or is it?


Microsoft Windows is very common, but that doesn't make it a good idea.

We add a small score [1.2 points, to be precise] for sending relays that
lack reverse-DNS.  I can guarantee we'd get a high number of false-positives
if we outright rejected such relays.

Regards,

David.


We do not reject either, but many do. i.e Yahoo


Re: Irony

2011-02-01 Thread Michael Scheidell

On 2/1/11 9:49 AM, David F. Skoll wrote:

On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdell rramsd...@activedg.com  wrote:


Not sure. If our mail servers did not have reverse, we would be
rejected all over the place. Seems like a common setting. Or is it?



so we should reject your email if you are on the rfc-ignorant.org list?

220 beattock.caledonia.net ESMTP ready.
helo mx1.secnap.com.ionspam.net
250 beattock.caledonia.net Hello mx1.secnap.com.ionspam.net [204.89.241.253]
mail from: <>
250 OK
rcpt to: ab...@caledonia.net
550 Missing, invalid or expired BATV signature
Connection closed by foreign host.


--
Michael Scheidell, CTO


Re: Irony

2011-02-01 Thread Giles Coochey

On 01/02/2011 15:49, Michael Scheidell wrote:

On 2/1/11 9:34 AM, Giles Coochey wrote:

On 01/02/2011 15:30, Danita Zanre wrote:

Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.

Danita


Why???



Received: from mail.apache.org (hermes.apache.org [140.211.11.3])

because HELO doesn't match RDNS.



OMG It must be SPAM!

--
Best Regards,

Giles Coochey


Re: Irony

2011-02-01 Thread David F. Skoll
On Tue, 1 Feb 2011 09:49:36 -0500
Michael Scheidell michael.scheid...@secnap.com wrote:

 because HELO doesn't match RDNS.

Rejecting on that basis would also cause tons of false-positives.

Regards,

David.



Re: Irony

2011-02-01 Thread Randy Ramsdell

Michael Scheidell wrote:

On 2/1/11 9:49 AM, David F. Skoll wrote:

On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdell rramsd...@activedg.com  wrote:


Not sure. If our mail servers did not have reverse, we would be
rejected all over the place. Seems like a common setting. Or is it?



so we should reject your email if you are on the rfc-ignorant.org list?

220 beattock.caledonia.net ESMTP ready.
helo mx1.secnap.com.ionspam.net
250 beattock.caledonia.net Hello mx1.secnap.com.ionspam.net 
[204.89.241.253]

mail from: <>
250 OK
rcpt to: ab...@caledonia.net
550 Missing, invalid or expired BATV signature
Connection closed by foreign host.




No


RFC-Ignorant (was Re: Irony)

2011-02-01 Thread David F. Skoll
On Tue, 1 Feb 2011 09:52:04 -0500
Michael Scheidell michael.scheid...@secnap.com wrote:

 [204.89.241.253] mail from: <>
 250 OK
 rcpt to: ab...@caledonia.net
 550 Missing, invalid or expired BATV signature

A long time ago, I was involved with an argument with the RFC-Ignorant
maintainer.  The thread starts here:

http://lists.megacity.org/pipermail/rfci-discuss/2004-September/002668.html

The gist of my argument was that addresses that never *send* mail can
reasonably expect never to *receive* DSNs or other kinds of messages
with an envelope sender of <> and can legitimately block them.

The battle raged for a while, but eventually we were delisted.
(We block mail from <> to postmas...@roaringpenguin.com because we never,
ever send mail from postmas...@roaringpenguin.com)

Regards,

David.


Re: More unintentional spam humor/irony

2005-09-12 Thread Thomas Cameron

At 03:21 PM 9/11/2005, Justin Mason wrote:

 The choice of anti-bayes-filler below is unfortunate on so many levels

nasty.   but unsurprising -- I've always thought that news/current events
would make the best bayes poison -- certainly beats 19th century
prose


J, I think the unfortunate part that Barton was referring to (the part 
that creates humor) is the joining of e-coli with a weight loss spam.


Getting e. coli is a quick way to lose weight, but a VERY unpleasant and 
rather grotesque way to do it.


(slightly gross, as this page describes the symptoms of e. coli, but 
nothing too graphic:)


http://www.cdc.gov/ncidod/dbmd/diseaseinfo/escherichiacoli_g.htm

So, how would you like to try my new weight loss program, recognized by 
the CDC itself!


I dunno, I thought the mention of the Army Corps of Engineers and pumping in 
the same message as a lose weight message was pretty funny as well...


Thomas 



Re: More unintentional spam humor/irony

2005-09-12 Thread Matt Kettler
Thomas Cameron wrote:

 I dunno, I thought the mention of the Army Corps of Engineers and
 pumping in the same message as a lose weight message was pretty funny
 as well...

Hmm.. Mil-spec liposuction? Ouch.


More unintentional spam humor/irony

2005-09-11 Thread Bart Schaefer
The choice of anti-bayes-filler below is unfortunate on so many levels
... and on top of that, they spammed our abuse address.

(Links to spammer site deleted.)

-- Forwarded message --
Date: Sun, 11 Sep 2005 09:45:40 +0500
From: Nadia Joyner [EMAIL PROTECTED]
To: abuse
Subject: Re: Nadia
 
The Environmental Protection Agency said initial samples of the
floodwaters indicated high levels of lead and E. coli and other coliform
bacteria.
 
Don't you think it's about time to drop a few pounds?
Now you can, without sacrifice or exercise
 
A representative of the Army Corps of Engineers said 23 of the 148
permanent pumps in New Orleans were working, their efforts augmented by
three portable pumps.


Re: More unintentional spam humor/irony

2005-09-11 Thread Justin Mason


Bart Schaefer writes:
 The choice of anti-bayes-filler below is unfortunate on so many levels

nasty.   but unsurprising -- I've always thought that news/current events
would make the best bayes poison -- certainly beats 19th century
prose

 ... and on top of that, they spammed our abuse address.

but that's just dumb. ;)   some spamware greps out 'abuse', 'root',
'postmaster', etc.

- --j.

 (Links to spammer site deleted.)
 
 -- Forwarded message --
 Date: Sun, 11 Sep 2005 09:45:40 +0500
 From: Nadia Joyner [EMAIL PROTECTED]
 To: abuse
 Subject: Re: Nadia
  
 The Environmental Protection Agency said initial samples of the
 floodwaters indicated high levels of lead and E. coli and other coliform
 bacteria.
  
 Don't you think it's about time to drop a few pounds?
 Now you can, without sacrifice or exercise
  
 A representative of the Army Corps of Engineers said 23 of the 148
 permanent pumps in New Orleans were working, their efforts augmented by
 three portable pumps.



Re: More unintentional spam humor/irony

2005-09-11 Thread Matt Kettler

At 03:21 PM 9/11/2005, Justin Mason wrote:

 The choice of anti-bayes-filler below is unfortunate on so many levels

nasty.   but unsurprising -- I've always thought that news/current events
would make the best bayes poison -- certainly beats 19th century
prose


J, I think the unfortunate part that Barton was referring to (the part 
that creates humor) is the joining of e-coli with a weight loss spam.


Getting e. coli is a quick way to lose weight, but a VERY unpleasant and 
rather grotesque way to do it.


(slightly gross, as this page describes the symptoms of e. coli, but 
nothing too graphic:)


http://www.cdc.gov/ncidod/dbmd/diseaseinfo/escherichiacoli_g.htm

So, how would you like to try my new weight loss program, recognized by the 
CDC itself!


:)





Ah, the irony. [Fwd: ScanMail Message: To Sender, sensitive content found and action taken.]

2004-11-04 Thread Kris Deugau
 System Attendant wrote:
 
 Trend SMEX Content Filter has detected sensitive content.
 
 Place = ; mimedefang@lists.roaringpenguin.com;
 users@spamassassin.apache.org; ; mimedefang@lists.roaringpenguin.com
 Sender = Kris Deugau
 Subject = [Mimedefang] Re: Frustration...
 Delivery Time = November 04, 2004 (Thursday) 16:33:14
 Policy = LetterP June 26th 2003\LetterV June 26th 2003
 Action on this mail = Quarantine message
 
 Warning message from administrator:
 Content filter has detected a sensitive e-mail.

This is why you don't blindly filter for spam based on single, simple
criteria...  (Or filter a subscribers-only mailing list.)

(No doubt caused by my reply to Lisa Casey, in which I quoted certain
words she was considering using to reject mail.)

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!