geocities spam, why isn't it caught

Vlad Mazek vlad at MAZEK.COM
Tue Aug 23 08:45:25 IST 2005


Well, you can only go so crazy trying to blacklist the rest of the world
based on a valid URI. For example, they are now moving to spaces.msn.com,
which is not all that popular of a site, but the concept is pretty
interesting, as nearly any site accepting unmoderated content can be used
in these messages: blogs, forums, etc.

-Vlad
ExchangeDefender.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Remco Barendse
> Sent: Tuesday, August 23, 2005 3:42 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: geocities spam, why isn't it caught
> 
> Thanks for all the replies.
> 
> >> The mails are only scored by bayes, none of the other checks are
> >> triggered.
> >> I know someone posted a rule to block uk.geocities.com (even though I
> >> lost the mail) but what worries me more is the fact that they manage to
> >> get past all checks incl. SURBL / URI and dcc checks.
> >>
> >> Anyone have any idea why, is my setup wrong?
> >
> > SURBL won't list them since it's a legit site. They suck, since they don't
> > respond to abuse, but they are still legit.
> 
> Strange that SURBL won't list them because they are a legit site. I
> thought it was possible to block based on URLS given, not just domain
> names? Most teenagers do not send their new geocities homepage to 10
> million people so I guess if a url passes a certain number of hits it
> could safely be blacklisted?
> 
> > You could add some extra rules for this, and feel free to replace the
> > it/uk with * if you want to be on the safe side. Geocities can ignore
> > this, but they risk that people just put them inside a lot of filters,
> > harming much much more.
> 
> Well with geocities contributing to spam they do not deserve better than
> to be blacklisted.
> 
> I don't understand the format fully but have now added this to
> prolo.cf:
> 
> uri PROLO_PUBWEB_GEO_CHECK /^http:\/\/.*\.geocities\.com\//
> score PROLO_PUBWEB_GEO_CHECK  15.0
> describe PROLO_PUBWEB_GEO_CHECK PROLO_PUBWEB_GEO_CHECK, Body
> 
> I hope this will trap any e-mail with geocities domain in it?
> 
> Thanks! Remco
> 
> >
> > uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*uk\.geocities\.com\//
> > score PROLO_PUBWEB_UKGEO_CHECK1  15.0
> > describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body
> >
> > uri PROLO_PUBWEB_ITGEO_CHECK1 /^http:\/\/.*it\.geocities\.com\//
> > score PROLO_PUBWEB_ITGEO_CHECK1  15.0
> > describe PROLO_PUBWEB_ITGEO_CHECK1 PROLO_PUBWEB_ITGEO_CHECK1, Body
> >
> > Bye,
> > Raymond.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
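
A way to check uri patterns like the ones quoted above against sample URIs before giving them a score of 15. This is an added example, not code from the thread or from MailScanner/SpamAssassin; the sample URIs are constructed, and the WILDCARD, DROPPED_DOT and HOST_ONLY patterns and all rule names here are assumptions made for the comparison.

```python
import re

# Regex bodies of SpamAssassin-style `uri` rules, /.../ delimiters dropped.
# Python's re handles these constructs the same way Perl does.
RULES = {
    # Per-country rules as quoted in the thread.
    "UKGEO": r"^http:\/\/.*uk\.geocities\.com\/",
    "ITGEO": r"^http:\/\/.*it\.geocities\.com\/",
    # The it/uk part generalised to any prefix (assumed form).
    "WILDCARD": r"^http:\/\/.*\.geocities\.com\/",
    # Same attempt with the '.' before '*' left out: '\/*' then means
    # "zero or more slashes", so no real hostname can follow it.
    "DROPPED_DOT": r"^http:\/\/*\.geocities\.com\/",
    # Assumed tighter form: the match must stay inside the host part
    # (no '/' before geocities.com), subdomain optional, http or https.
    "HOST_ONLY": r"^https?:\/\/(?:[^\/]+\.)?geocities\.com\/",
}
COMPILED = {name: re.compile(rx) for name, rx in RULES.items()}

# Constructed sample URIs, not taken from real mail.
SAMPLES = [
    "http://uk.geocities.com/someuser/",
    "http://it.geocities.com/page.html",
    "http://www.geocities.com/page",
    "http://geocities.com/page",
    "http://example.org/r/uk.geocities.com/x",  # other host, name only in path
    "http://notgeocities.example/x",
]


def hits(uri):
    """Return the sorted names of the rules whose pattern matches this URI."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(uri))


def report(samples=SAMPLES):
    """Map every sample URI to the list of rules that fire on it."""
    return {uri: hits(uri) for uri in samples}


if __name__ == "__main__":
    for uri, fired in report().items():
        print(f"{uri:42} {', '.join(fired) or '-'}")
```

The patterns built on `.*` also fire when the geocities name only appears in the path of an unrelated host, which matters at a score that high, and DROPPED_DOT fires on none of the samples.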
