Hi, On Thu, Oct 11, 2018 at 5:15 PM David Jones <djo...@ena.com> wrote: > > On 10/11/18 3:30 PM, Alex wrote: > > Hi, > > > > I'm curious what people think of this: > > > > https://pastebin.com/1XjwaCY1 > > > > It's unsolicited, so that makes it spam to me, but is it dangerous? > > yesinsights.com appears to be a legitimate company, but the sender, > > e...@hrteamerus.com, is a registered domain but has no DNS record. > > > > Is it just a lame attempt to confirm email addresses? > > > > Outlook just seems to be a non-stop source of spam. I'd report it to > > yesinsights, but it appears it's being used exactly as the service > > intended? > > > > Any idea on tips to block it, other than bayes? > > > > Is that the entire email in the pastebin link above? I ran it through > my SA platform and it's missing a few headers. > > DKIM_INVALID,DKIM_SIGNED,ENA_NO_TO_CC,MISSING_DATE,MISSING_FROM, > MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT
Yes, it's the complete email - those missing headers are in the pastebin. It also passed DKIM. Send me a message if you want the original. > Since it doesn't have a valid opt-out, I would report it to SpamCop, > report it to yesinsights.com's abuse if SpamCop doesn't already, and add > a blacklist_from *@hrteamerus.com entry. Yes, we've seen an increase in these types of emails. We've reported it to spamcop, but there doesn't appear to be a way to communicate abuse to yesinsights. > If you start seeing patterns of repeating emails, then a local content > rule and Bayes training would be the best option. Maybe get these into > the nightly masscheck so others can work on some rules to go into the > default ruleset. I'll see if I can get this submitted.
