I've also noted that the domains that they use are frequently changed, thus escaping both SURBL and Sniffer for periods of time. I am under the impression that these spammers have taken to using multiple domains at once and segmenting the domains that they attack with them so that if one domain gets listed in SURBL (or Sniffer for a select group), then it won't affect their entire campaign. Some of these campaigns are so high in volume that there is no way that the domains could otherwise escape being listed for more than 15 minutes.
This technique would fall under the guise of "if I was a spammer, this would be what I would do." Generally these guys are only underachievers because spam prevention generally sucks and, even if blocked, the anti-social characteristics of hijacking computers and pummeling others with their garbage has enough redeeming value (from their perspective) to keep them happy. They are, however, capable of finding ways around almost every method that we use, but they for the most part just don't bother to try, but they are definitely trying harder than before.
Something else that I have noted recently is that they seem to be going after DUL space overseas instead of exclusively crawling well-known and well-tagged IP space in North America. It seems that the majority of zombie-generated spam that gets through or is scored low on my system is originating from overseas.
Maybe applicable in your case, maybe not.
I believe that Pete's plans for incremental updates will help to address such issues by making Sniffer even more real-time than it already is.
Matt
Kirk Mitchell wrote:
Seems like I've been getting a ton of spam in the last few days that's been scored as either LOW or CLEAN, many of them for cheap drugs, watches or my cheating wife. I have AutoSNF running every 2 hours, so it shouldn't be due to outdated rulesets. Is anyone else seeing this, or could I be missing something?
Thanks,
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
