Re: Junk mixed in with ham on whitelists

On 02/20/2018 04:08 PM, David Jones wrote: On 02/20/2018 03:48 PM, David Jones wrote: On 02/20/2018 12:57 PM, Kevin A. McGrail wrote: On 2/20/2018 1:53 PM, David Jones wrote: Over the years I have noticed junk/spam email coming from these servers so I created this rule: header 

pyzor internal error on some messages

Hi, Does anyone know what could be causing this? This is on fedora with pyzor-1.1.0-1.20170904gitd14e980 Feb 20 22:08:07.475 [28639] dbg: pyzor: network tests on, attempting Pyzor Feb 20 22:08:13.098 [28639] dbg: pyzor: pyzor is available: /usr/bin/pyzor Feb 20 22:08:13.100 [28639] dbg: pyzor:

Re: Junk mixed in with ham on whitelists

David Jones skrev den 2018-02-21 00:14: https://pastebin.com/mjvB0MKg (scored 10.96) -0.10 DKIM_VALID Message has at least one valid DKIM or DK signature Authentication-Results: smtp3i.ena.net; dkim=policy reason="signing key too small" (768-bit key) header.d=mails-express.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 6:05 PM, @lbutlr wrote: On 2018-02-20 (08:30 MST), Rob McEwen wrote: Spammers are starting to use this to evade spam filters, This is not news. Spammers have been using shortness since 3 seconds after tinyurl.com launched. My "this" was /*specifically*/

Re: Junk mixed in with ham on whitelists

On 02/20/2018 03:48 PM, David Jones wrote: On 02/20/2018 12:57 PM, Kevin A. McGrail wrote: On 2/20/2018 1:53 PM, David Jones wrote: Over the years I have noticed junk/spam email coming from these servers so I created this rule: header  ENA_RCVD_NOTRUST    Received =~

Re: Junk mixed in with ham on whitelists

David Jones skrev den 2018-02-20 23:08: That is ridiculous!!! It requires 8 DNS queries and shouldn't include Google's servers. +1 v=spf1 ip4:23.83.208.1/20 ip4:23.91.112.0/20 ip4:46.232.183.0/24 ip4:50.87.152.0/21 ip4:50.116.64.0/18 ip4:64.233.160.0/19 ip4:66.102.0.0/20

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (08:30 MST), Rob McEwen wrote: > > Spammers are starting to use this to evade spam filters, This is not news. Spammers have been using shortness since 3 seconds after tinyurl.com launched. > Keep in mind that, if a marketer is doing things the right way,

Re: Blacklist for reply-to?

On 2018-02-20 (06:02 MST), Rupert Gallagher wrote: > > Do you have the legal right to do so? Absolutely. No one gets to inflict a contract on me. Especially not a entirely stupid nonsense thing that like that piece of crap that has no legal weight whatsoever. -- We are

Re: Junk mixed in with ham on whitelists

On 20 Feb 2018, at 16:48, David Jones wrote: It doesn't seem like a good idea for whitelists to list these senders just because most of the email is ham. I can see no evidence for that in a quick check of my personal mail. In 10 years: 68 messages 50 spam (all reported) 6 replies to spam

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 1:17 AM, @lbutlr wrote: goo.gl (and other shorteners) are used for far more than email. That said, most my incoming email is rejected long before it get to any sort of URI lookups based on just the transaction information, That is to say, upwards of 90% of incoming mail is

Re: Blacklist for reply-to?

You are wrong. Sent from ProtonMail Mobile On Wed, Feb 21, 2018 at 00:07, @lbutlr wrote: > On 2018-02-20 (06:02 MST), Rupert Gallagher wrote: > > Do you have the legal > right to do so? Absolutely. No one gets to inflict a contract on me. > Especially not a entirely stupid

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (19:42 MST), Rob McEwen wrote: > > I ran stats on a sample set of a few thousand mailboxes, over a period of > several hours today (mostly during business hours for these particular > organizations who use these mailboxes) - and this produced a combined 24K

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (22:10 MST), Reindl Harald wrote: > > you may hit confirmation-urls (both ham and spam), trigger actions, trigger > *one-time* urls which are invalid for the user after a dumb bot used them not > talking about that it would be illegal in many countries in

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 1:38 AM, @lbutlr wrote: As I suspected, it is possible to get the goo.gl target URL without loading the site, though using curl is probably not realistic in this specific case. That is an idea worth exploring! Some might greatly benefit from that. However: (a) it might not

Re: Blacklist for reply-to?

Beware that companies use a legal note in their signature as advised by their lawyers, and many individuals do the same, to inform the reader about laws that apply regardless of where or when you are reading their note. A mail from Europe is subject to data protection. It does not matter if you

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 21, 2018, at 1:38 AM, @lbutlr wrote: > > On 2018-02-20 (22:10 MST), Reindl Harald wrote: >> >> you may hit confirmation-urls (both ham and spam), trigger actions, trigger >> *one-time* urls which are invalid for the user after a dumb bot

Re: Blacklist for reply-to?

On 18/02/2018 21:06, Kenneth Porter wrote: Is there a blacklist for domains in the reply-to header? I've noticed a lot of spam with no URL and mutating From but the reply-to domain is always aliyun dot com. I want to add a site-wide blacklist for that. If you are willing to write a little SA

Re: Blacklist for reply-to?

Do you have the legal right to do so? On Tue, Feb 20, 2018 at 00:23, @lbutlr wrote: > On 2018-02-19 (09:57 MST), Paul Stead wrote: > ...@zeninternet.co.uk> > I reject your terms. @zeninternet.co.uk>

Save the date: ApacheCon North America, September 24-27 in Montréal

Dear Apache Enthusiast, (You’re receiving this message because you’re subscribed to a user@ or dev@ list of one or more Apache Software Foundation projects.) We’re pleased to announce the upcoming ApacheCon [1] in Montréal, September 24-27. This event is all about you — the Apache project

The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

RE: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response) WARNING FOR ESPs AND MARKETERS: Google's "goo.gl" shortner is OUT OF CONTROL. Spammers are starting to use this to evade spam filters, and Google isn't keeping up with the abuse, nor shutting these down fast enough.

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 10:57 AM, Reindl Harald wrote: and how do you imagine that i prevent paying customers to use whatever url-shortener? Perhaps use the SAME methods that an ESP would use to prevent a customer from sending an egregious phish (or terminate their account for sending a phish). Of

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 11:45 AM, Rob McEwen wrote: And we ALL have to constantly shift our tactics to deal with emerging realities like this one - or risk getting left behind by our competitors who do keep up. ALSO - Likewise, it was very frustrating that I had to spend hours late last night making

Junk mixed in with ham on whitelists

Over the years I have noticed junk/spam email coming from these servers so I created this rule: header ENA_RCVD_NOTRUSTReceived =~

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 12:21 PM, Reindl Harald wrote: we have well working outbound spamfilters Excellent! but just because someone has a google-shortener within a mail says *nothing at all* - frankly i even got a week ago a mail from my boss where the google-shortener was used for a only internal

Re: Blacklist for reply-to?

The matter is controversial. Lists have own defaults, who often abuse their original aim of mere forwarding, especially when they redistribute from a long-term archive. On the other hand, people have own default banners for all outgoing correspondence, some with explicit reference to the

Re: Junk mixed in with ham on whitelists

On 02/20/2018 12:57 PM, Kevin A. McGrail wrote: On 2/20/2018 1:53 PM, David Jones wrote: Over the years I have noticed junk/spam email coming from these servers so I created this rule: header  ENA_RCVD_NOTRUST    Received =~

Re: Blacklist for reply-to?

On 2/19/2018 7:15 PM, John Hardin wrote: Kevin, can that be set to advisory rather than completely killed? Agreed.  I'll comment out the setting of the score to zero in nonKAMrules.cf.