geocities spam, why isn't it caught

Remco Barendse mailscanner at BARENDSE.TO
Tue Aug 23 08:41:43 IST 2005


Thanks for all the replies.

>> The mails are only scored by bayes, none of the other checks are triggered. 
>> I know someone posted a rule to block uk.geocities.com (even though I lost 
>> the mail) but what worries me more is the fact that they manage to get past 
>> all checks incl. SURBL / URI and dcc checks.
>> 
>> Anyone have any idea why, is my setup wrong?
>
> SURBL won't list them since it's a legit site. They suck, since they don't 
> respond to abuse, but they are still legit.

Strange that SURBL won't list them because they are a legit site. I 
thought it was possible to block based on URLs given, not just domain 
names? Most teenagers do not send their new geocities homepage to 10 
million people so I guess if a url passes a certain number of hits it 
could safely be blacklisted?

> You could add some extra rules for this, and feel free to replace the it/uk 
> with * if you want to be on the safe side. Geocities can ignore this, but 
> they risk that people just put them inside a lot of filters, harming much 
> much more.

Well with geocities contributing to spam they do not deserve better than 
to be blacklisted.

I don't understand the format fully but have now added this to 
prolo.cf:

uri PROLO_PUBWEB_GEO_CHECK /^http:\/\/.*\.geocities\.com\//
score PROLO_PUBWEB_GEO_CHECK  15.0
describe PROLO_PUBWEB_GEO_CHECK PROLO_PUBWEB_GEO_CHECK, Body

I hope this will trap any e-mail with geocities domain in it?

Thanks! Remco

>
> uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*uk\.geocities\.com\//
> score PROLO_PUBWEB_UKGEO_CHECK1  15.0
> describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body
>
> uri PROLO_PUBWEB_ITGEO_CHECK1 /^http:\/\/.*it\.geocities\.com\//
> score PROLO_PUBWEB_ITGEO_CHECK1  15.0
> describe PROLO_PUBWEB_ITGEO_CHECK1 PROLO_PUBWEB_ITGEO_CHECK1, Body
>
> Bye,
> Raymond.
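
The advice to "replace the it/uk with *" only works in a `uri` rule if the wildcard is written as `.*`; a bare `*` quantifies the preceding `\/` instead. The following is an added example, not code from the thread or from SpamAssassin: it runs the three pattern variants over constructed sample URIs, assuming these simple Perl regex constructs behave the same in Python's `re`, and the `host_only` pattern is a hypothetical tighter variant.

```python
import re

# Patterns as they would appear between the slashes of a SpamAssassin
# `uri` rule (Perl syntax; these constructs behave the same in Python's re).
PATTERNS = {
    # "it/uk" replaced by a bare "*": the star quantifies the preceding "\/"
    "bare_star": r"^http:\/\/*\.geocities\.com\/",
    # "it/uk" replaced by ".*": any run of characters before ".geocities.com/"
    "dot_star": r"^http:\/\/.*\.geocities\.com\/",
    # Tighter variant (an assumption of this example, not from the thread):
    # host labels only, http or https, bare domain allowed, path optional.
    "host_only": r"^https?:\/\/(?:[a-z0-9-]+\.)*geocities\.com(?:[:\/]|$)",
}

# Constructed sample URIs, not taken from real mail.
SAMPLES = [
    "http://uk.geocities.com/someuser/",
    "http://it.geocities.com/someuser/",
    "http://www.geocities.com/someuser/",
    "http://geocities.com/someuser/",
    "https://uk.geocities.com/someuser/",
    "http://.geocities.com/",                    # malformed host
    "http://example.org/page/x.geocities.com/",  # domain only in the path
]


def hits(name):
    """Return the sample URIs that the named pattern matches."""
    rx = re.compile(PATTERNS[name])
    return [uri for uri in SAMPLES if rx.search(uri)]


if __name__ == "__main__":
    for name in PATTERNS:
        print(name)
        for uri in hits(name):
            print("   ", uri)
```

The `dot_star` form catches every subdomain but also fires when the domain appears only in another site's path, and it misses the bare domain and `https` links; the host-anchored form avoids all three.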
