Tiny text only spam (semi OT)

--[ UxBoD ]-- uxbod at splatnix.net
Fri Jul 3 08:19:53 IST 2009 

----- "Alessandro Bianchi" <alex at skynet-srl.com> wrote: 
> Hi guys 
> 
> Those damned spemmers have found a way to break in 
> 
> After image only spam, they have managed to build plain text only spam (no links or hrml or images, just text) that slips throught my MS installation. 
> 
> They often place in ortographic errors to "fool" spamassassin. 
> 
> Here is an example: 
> <<< START -- destination address has been maqued 
> 
> From - Mon Jun 29 15:03:22 2009
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bivalved at rojax.com> X-Original-To: xxxxxxxxxxxxxxxxxxxxxx
Delivered-To: xxxxxxxxxxxxxxxxxxxxxxxx
X-Greylist: delayed 312 seconds by postgrey-1.30 at Log; Sun, 28 Jun 2009 15:09:01 CEST
Received: from jtuxl.forthnet.gr (adsl144-208.lsf.forthnet.gr [79.103.75.208])
	by cdnet02.cdnet.it (Postfix) with SMTP id A17793880EF
	for <xxxxxxxxxxxxxxxxx>; Sun, 28 Jun 2009 15:09:01 +0200 (CEST)
Date: Sun, 28 Jun 2009 13:09:04 +0100
Content-Type: text/plain;
 charset="windows-1256"
From: "kayaker" <bivalved at rojax.com> MIME-Version: 1.0
To: xxxxxxxxxxxxxxxxxxxxxxx
Message-ID: <x7V604791328Pspc0cNmxMjk at manetasmetal.gr> Subject: How To Make A iGprl As Hot As Paris Hilton Achieve Multiple Orgasms
X-skynet-srl-MailScanner-ID: A17793880EF.A13C2
X-MailScanner: Found to be clean
X-MailScanner-SpamScore: s
X-MailScanner-From: bivalved at rojax.com X-skynet-srl-MailScanner-Watermark: 1246799344.38984 at X6K8Q1cEZ6QnFvmnvQtBwQ
X-Spam-Status: No

Hfow To Make A Girl Ass Hot As Paris Hilton Achieve Multiple Orgasms www. pill20. com. Girl, 5, Forced To Apologize For Hugging Claassmate <<<< END 
> 
> Blocking the from address is completely useless since it is randomly changed and the same is for subject and text content. 
> 
> Has anyone else seen a similar behaviour and found a solution? 
> 
> Thank you ad best regards 
> 
> Alessandro 
> 
> 
> -- 
> 

Yep, I am getting a lot of these though most are being blocked.  Here is what SA is doing :-

[BAYES_95=3, RCVD_IN_BRBL=3, RCVD_IN_JMF_BL=1.5,RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1,SARE_ADULT2=1.42, SARE_CHARSET_W1251=1.656]


Best Regards,

-- 
SplatNIX IT Services :: Innovation through collaboration

More information about the MailScanner mailing list