Spam from two letter domain.

Budi Febrianto bfebrian.mailscanner at
Wed Mar 25 06:25:04 GMT 2009

Dear all,

Recently I got hit by spam that came only from two letter domain, like,, and many others.
Right now it only got hit by this rules
4.00    BAYES_80                Bayesian spam probability is 80 to 95%
1.90    INVALID_MSGID    Message-Id is not valid, according to RFC 2822
0.39    SARE_RECV_SPAM_NAME2    

Right now I only put many of those two letter domains in our blacklist, 
but I'm affraid that will come many more with different domain.

This is one example of the email
Return-Path: <<81>g>
Received: from ( [])
        by (8.13.8/8.13.8) with ESMTP id n2P4CHlP022256
        for <Rakesh at>; Wed, 25 Mar 2009 11:12:34 +0700
Date: Wed, 25 Mar 2009 12:12:52 +0800
From: Milla <pemdb2004 at>
X-Mailer: cxaz 0.415
Reply-To: pemdb2004 at
X-Priority: 3 (Normal)
Message-ID: 2818841884.905474100 at
To: Rakesh at
Subject: Good afternoon! I Milla
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Good afternoon! I Milla Look my photo, call me and fuck me bjqxhp: iqylrxcz


It is safe to block all the two letter domains?
Or is there any other rules to block this kind of spam?

I'm using
MailScanner 4.65.3

Thanks in advance.

More information about the MailScanner mailing list