UCE Sneaking in on our whitelist... How to stop
Alex Neuman
alex at nkpanama.com
Tue Jun 15 13:22:05 IST 2004
You should look into using a few RBL's. If you look 221.124.187.119 up at
http://openrbl.org/ you'll see that they're listed at DBSL, SpamCop and
other RBL's. SpamHaus also lists them in their SBL-XBL. Look at the report
at http://www.dnsstuff.com/tools/ip4r.ch?ip=221.124.187.119 for more info.
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of David Thurman
Sent: Tuesday, June 15, 2004 7:07 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: UCE Sneaking in on our whitelist... How to stop
We are now seeing new spam coming in with our email addy, return addy is the
same, here is my email header
I changed the from to mememe at - to keep me out of the harvesters.
I know they are spoofing, I have seen this yesterday, only different sending
IP's.
Any ideas? We are using Debian with MS 4.29 and SA
Return-Path: <mememe at -webpresencegroup.net>
Received: from mailhub.webpresencegroup.net (mailhub.webpresencegroup.net
[209.44.11.5])
by webpresencegroup.net (8.10.2/8.10.2) with ESMTP id i5DIdTG29315
for <mememe at -webpresencegroup.net>; Sun, 13 Jun 2004 13:39:29 -0500
Received: from 209.44.11.5 ([221.124.187.119])
by mailhub.webpresencegroup.net (8.12.11/8.12.11/Debian-1) with SMTP id
i5DIUBv7011326
for <mememe at -webpresencegroup.net>; Sun, 13 Jun 2004 13:30:13 -0500
X-Message-Info: LN79DZ433FV325kvP1J4qYaazHOH118
Received: from [17.112.80.206] by
brilliant980817.beg.info at webpresencegroup.net via HTTP; Wed, 14 Jul 2004
23:35:55 +0500
Date: Wed, 14 Jul 2004 14:35:55 -0400
Message-ID: <6576942700.97817 at mememe@-webpresencegroup.net>
Reply-To: "Sydney Goode" <mememe at -webpresencegroup.net>
From: "Sydney Goode" <info at webpresencegroup.net>
To: "Info" <mememe at -webpresencegroup.net>
Subject: hiInfo [SCANNED]
Date: Wed, 14 Jul 2004 21:39:55 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--93647199468901248"
X-Web-Presence-Group-MailScanner: Found to be clean
X-Web-Presence-Group-MailScanner-SpamCheck: not spam (whitelisted),
SpamAssassin (score=-77.163, required 5, BAYES_99 5.40,
BODY_PRESCRIPTION 2.12, BODY_SAFE_AND_PRIVATE 2.22,
BigEvilList_83 3.00, DATE_IN_FUTURE_96_XX 2.60, DRUGS_ANXIETY 0.01,
DRUGS_ANXIETY_OBFU 1.00, DRUGS_DEPRESSION 0.01, DRUGS_DIET 0.01,
DRUGS_DIET_PAIN 0.50, DRUGS_MANYKINDS 1.00, DRUGS_MUSCLE 0.01,
DRUGS_PAIN 0.01, DRUGS_PAIN_OBFU 1.00, J_CHICKENPOX_13 0.60,
J_CHICKENPOX_24 0.60, J_CHICKENPOX_26 0.60, TO_INFO 1.73,
URI_PILL_ADJ 0.41, USER_IN_WHITELIST -100.00)
X-UIDL: 2Tm"!\n,"!E)p!!Wp0!!
--
David Thurman
The Web Presence Group
http://www.the-presence.com
Web Development/E-Commerce/CMS/Hosting/Dedicated Servers
800-399-6441/309-679-0774
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list