Hosting Provided By

Re: debbie-dealz / frosty-saver / got-hyrda / aero-dog spam

From: Benjamin E. Zeller <zeller(at)ibh-wor.de>
Date: Wed Sep 12 2007 - 11:20:23 EDT

On Wednesday 12 September 2007 17:04:40 Brian Wilson wrote:
> I've somehow made it onto spam list that isn't being picked up by RBLs or
> by bayes. All messages have a url that looks like this (where X's are
> all digits):
>
> http://aero-dog.com/1-23-28276-45381XXXXXXX.html
>
> All messages are originating from 206.131.x.x and I have been submitting
> them to spamcop. A sample message is here:
> http://bubba.org/spam/newspam1.txt
>
> Any suggestions for detecting this? My bayes has been pretty much spot on
> for months, so this has me puzzled.
>
> Thanks,
> Brian

Result here:

 1.7 SARE_RECV_IP_206131    Spam passed through possible spammer relay
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 3.0 BAYES_80               BODY: Bayesian spam probability is 80 to 95%
                            [score: 0.9279]
 3.0 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: frosty-saver.com]

-- 
Benjamin E. Zeller
Ing.-Büro Hohmann
Bahnhofstr. 34
D-82515 Wolfratshausen

Tel.:  +49 (0)8171 347 88 12
Mobil: +49 (0)160 99 11 55 23
Fax:   +49 (0)8171 910 778
mailto: zeller@ibh-wor.de

www.ibh-wor.de


application/pgp-signature attachment: stored

Received on Wed Sep 12 11:22:10 2007

This message: [ Message body ]
Next message: Skip Brott: "RE: Suggestion to developers"
Previous message: Paul Griffith: "Summary - Handling Spam Surges"
In reply to: Brian Wilson: "debbie-dealz / frosty-saver / got-hyrda / aero-dog spam"
Next in thread: Jari Fredriksson: "Re: debbie-dealz / frosty-saver / got-hyrda / aero-dog spam"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sat Oct 27 2007 - 02:28:40 EDT