geocities spam, why isn't it caught
Raymond Dijkxhoorn
raymond at PROLOCATION.NET
Tue Aug 23 08:23:12 IST 2005
Hi!
> They aren't using only uk.geocities.com but also geocities.com and
> it.geocities.com but I guess they could come up with a 1,000,000 of variants.
We also have samples with www.geocities.com allready...
> The mails are only scored by bayes, none of the other checks are triggered. I
> knos someone posted a rule to block uk.geocities.com (even though I lost the
> mail) but what worries me more is the fact that they manage to get past all
> checks incl. SURBL / URI and dcc checks.
>
> Anyone have any idea why, is my setup wrong?
SURBL wont list them since its a legit site. They suck, since they dont
respond to abuse, but they are still legit.
You could add some extra rules for this, and feel free to replace the
it/uk with * if you want to be on the safe side. Geocities can ignore
this, but they risk that people just put them inside a lot of filters,
harming much much more.
uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*uk\.geocities\.com\//
score PROLO_PUBWEB_UKGEO_CHECK1 15.0
describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body
uri PROLO_PUBWEB_ITGEO_CHECK1 /^http:\/\/.*it\.geocities\.com\//
score PROLO_PUBWEB_ITGEO_CHECK1 15.0
describe PROLO_PUBWEB_ITGEO_CHECK1 PROLO_PUBWEB_ITGEO_CHECK1, Body
Bye,
Raymond.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list