Forwarded spam is caught, original message is not

Chris Barber chris at techquility.net
Thu Mar 5 17:21:19 GMT 2009


>A DNS timeout on the surbl hits could explain it. The first time the surbl list lookup comes in just at the timeout, then the forward hits >the cached lookup and is faster.
>
>Do you quarantine all your messages? If so you could pull the original out and retest it. If it still doesn't hit, it is probably an >encoding issue, it it does, it is a DNS issue.
>

Scott,

Looks like it is not a DNS issue. I put the original and forwarded messages back through the server and I had the same results. The original message does not hit the URIBL rules (even if I put it through many times) and the forwarded one does. The only difference I can see is the encoding. The URL's in the original have some extra characters it seems. See my original post for the queue files and you can see what I mean. 

Is this some new tactic that spammers are using to get around URL checking in the body of emails? How can I troubleshoot this further?

Thanks,
Chris



More information about the MailScanner mailing list