Hmmm. I think we need a BL for reporting ISP's that are clueless as to
run filtering on their "abuse" mailbox (or the mailbox that's listed for
their ARIN/RIPE AbuseEmail attributes).
Anyway, I have no idea why I'm seeing some of these scores. URL matches
when there aren't even URL's in my message?
A 2.6 score on BAYES_00? URIBL_JP_SURBL and URIBL_OB_SURBL? And what
the heck is DNS_FROM_OPENWHOIS???
TVD_STOCK1? There's no mention of stock anywhere in the message. Why am I
seeing all of these bogus matches?
I looked on the wiki for some of these, but couldn't find descriptions.
What should I do? Just block their domain? I don't want to deal with their
misconfiguration issues.
-Philip
========
Received: from localhost (localhost)
by mail.redfish-solutions.com (8.14.1/8.14.1) id m1H2M5XP027602;
Sat, 16 Feb 2008 19:22:05 -0700
Date: Sat, 16 Feb 2008 19:22:05 -0700
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="m1H2M5XP027602.1203214925/mail.redfish-solutions.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
This is a MIME-encapsulated message
--m1H2M5XP027602.1203214925/mail.redfish-solutions.com
The original message was received at Sat, 16 Feb 2008 19:22:01 -0700
from pool-71-112-32-245.sttlwa.dsl-w.verizon.net [71.112.32.245]
----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>
(reason: 550-"This email has been automatically tagged as spam)
<[EMAIL PROTECTED]>
(reason: 550-"This email has been automatically tagged as spam)
----- Transcript of session follows -----
... while talking to alpha.inbound.mercury.spaceservers.net.:
DATA
<<< 550-"This email has been automatically tagged as spam
<<< 550-Spam detection software, operated by UKDomains limited, has
<<< 550-identified this incoming email as possible spam.
<<< 550-contact [EMAIL PROTECTED] for details and error reports.
<<< 550-pts rule name description
<<< 550----- ----------------------
--------------------------------------------------
<<< 550-1.1 DNS_FROM_OPENWHOIS RBL: Envelope sender listed in
<<< 550-bl.open-whois.org.
<<< 550--0.0 SPF_PASS SPF: sender matches SPF record
<<< 550--2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
<<< 550-[score: 0.0000]
<<< 550-1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL
<<< 550-blocklist
<<< 550-[URIs: chalturs.com]
<<< 550-1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
<<< 550-blocklist
<<< 550-[URIs: chalturs.com]
<<< 550-0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
<<< 550-[URIs: redfish-solutions.com]
<<< 550 3.4 AWL AWL: From: address is in the auto white-list"
554 5.0.0 Service unavailable
--m1H2M5XP027602.1203214925/mail.redfish-solutions.com
Content-Type: message/delivery-status
Reporting-MTA: dns; mail.redfish-solutions.com
Received-From-MTA: DNS; pool-71-112-32-245.sttlwa.dsl-w.verizon.net
Arrival-Date: Sat, 16 Feb 2008 19:22:01 -0700
Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.2.0
Remote-MTA: DNS; alpha.inbound.mercury.spaceservers.net
Diagnostic-Code: SMTP; 550-"This email has been automatically tagged as spam
Last-Attempt-Date: Sat, 16 Feb 2008 19:22:05 -0700
Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.2.0
Remote-MTA: DNS; alpha.inbound.mercury.spaceservers.net
Diagnostic-Code: SMTP; 550-"This email has been automatically tagged as spam
Last-Attempt-Date: Sat, 16 Feb 2008 19:22:05 -0700
--m1H2M5XP027602.1203214925/mail.redfish-solutions.com
Content-Type: message/rfc822
Return-Path: <[EMAIL PROTECTED]>
Received: from [192.168.10.120] (pool-71-112-32-245.sttlwa.dsl-w.verizon.net
[71.112.32.245])
(authenticated bits=0)
by mail.redfish-solutions.com (8.14.1/8.14.1) with ESMTP id
m1H2M0XQ027599
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
Sat, 16 Feb 2008 19:22:01 -0700
Message-ID: <[EMAIL PROTECTED]>
Date: Sat, 16 Feb 2008 18:21:27 -0800
From: Abuse Department <[EMAIL PROTECTED]>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Of course it's spam: it's an "abuse" mailbox
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.63 on 192.168.1.3
Of course it's spam. It's a copy of an offending message (that
originated from *your* site) being reported back to you, and do you
"abuse" mailbox.
If it weren't spam, there'd hardly be a point in reporting it now, would
there?
What other brilliant deductions are to follow? That there are "a lot of
sick people in a hospital"?
Get a clue. Better yet, if you were as good at detecting *outbound*
spam coming from your site as you are incoming spam, we wouldn't be
having this discussion now, would we?
The original message was received at Sat, 16 Feb 2008 19:15:17 -0700
from pool-71-112-32-245.sttlwa.dsl-w.verizon.net [71.112.32.245]
----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>
(reason: 550-"This email has been automatically tagged as spam)
----- Transcript of session follows -----
... while talking to alpha.inbound.mercury.spaceservers.net.:
>>> DATA
<<< 550-"This email has been automatically tagged as spam
<<< 550-Spam detection software, operated by UKDomains limited, has
<<< 550-identified this incoming email as possible spam.
<<< 550-contact [EMAIL PROTECTED] for details and error reports.
<<< 550-pts rule name description
<<< 550----- ----------------------
--------------------------------------------------
<<< 550-1.1 DNS_FROM_OPENWHOIS RBL: Envelope sender listed in
<<< 550-bl.open-whois.org.
<<< 550--0.0 SPF_PASS SPF: sender matches SPF record
<<< 550-3.1 UNCLAIMED_MONEY BODY: People just leave money laying around
<<< 550-3.8 TVD_STOCK1 BODY: TVD_STOCK1
<<< 550--2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
<<< 550-[score: 0.0000]
<<< 550-1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL
<<< 550-blocklist
<<< 550-[URIs: chalturs.com]
<<< 550-1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
<<< 550-blocklist
<<< 550-[URIs: chalturs.com]
<<< 550-0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
<<< 550 [URIs: redfish-solutions.com]"
554 5.0.0 Service unavailable
--m1H2M5XP027602.1203214925/mail.redfish-solutions.com--
