Yeah, there's something going on there for sure. Here's one way that facebook could be sending to spamtraps:
First an account gets compromised. Happens all of the time. Then the hacker logs in and then sends invitations or messages to a list of addresses, that includes a spamtrap address On Tue, Jan 19, 2010 at 2:35 PM, Scott Haneda <[email protected]> wrote: > If facebook has sent to spamtraps, they deserve the listing. I > understand users do not understand this, but as long as spamcop is > accurate, this is 100% proof positive that facebook scrapes the web. > > -- > Scott > (Sent from a mobile device) > > On Jan 19, 2010, at 9:05 AM, Scott MacLean <[email protected]> wrote: > >> Yeah, some of Facebook's outbound SMTP servers have been listed in >> spamcop for over a week now. I asked them about it, and they said: >> >> This IP is sending spam to our spamtraps. Our spamtraps have never >> sent mail and so should never receive mail. If it's important that >> you receive mail from these IPs, I'd suggest you whitelist them >> locally. >> >> >> At 10:48 AM 1/19/2010, K Post wrote: >> >>> I just noticed one of the facebook messages being blocked: >>> DNSBL, 69.63.178.178 listed in bl.spamcop.net >>> >>> so it's not even a bayesian error... >>> >>> >>> >>> On Tue, Jan 19, 2010 at 10:40 AM, K Post <[email protected]> wrote: >>>> I'm having some trouble with our users getting facebook messages and >>>> looking for suggestions on how to fix this. >>>> >>>> Do you think it's a good idea to "no process" message from facebook? >>>> We do see lots of bogus messages from @facebook.com senders, that >>>> don't pass spf validation. Language is the same as the real >>>> facebook >>>> messages, just with bad links. These get blocked, which is why lots >>>> of legitimate facebook messages also get blocked. >>>> >>>> What I'd like to do is allow @facebook.com messages to get through >>>> as >>>> long as the SPF matches. I'd use noprocessing so they don't add to >>>> the corpus. >>>> >>>> The problem is that I don't think there's a way to do this with the >>>> current v2 of assp. >>>> >>>> How difficult would it be to have a list of domain names (with >>>> wildcard functionality, so *.facebook.com) that match either the >>>> mail >>>> from or from lines and have it be that as long as SPF matches, the >>>> message goes through, with no processing? Maybe extend that >>>> functionality to have another list that if the same criteria is met, >>>> it's considered whitelisted. This is sort of like our own internal >>>> senderbase that relys on spf. >>>> >>>> Thanks for the insight. >>>> >>> >>> --- >>> --- >>> --- >>> --------------------------------------------------------------------- >>> Throughout its 18-year history, RSA Conference consistently >>> attracts the >>> world's best and brightest in the field, creating opportunities for >>> Conference >>> attendees to learn about information security's most important >>> issues through >>> interactions with peers, luminaries and emerging and established >>> companies. >>> http://p.sf.net/sfu/rsaconf-dev2dev >>> _______________________________________________ >>> Assp-test mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/assp-test >> --- >> --- >> --- >> --------------------------------------------------------------------- >> Throughout its 18-year history, RSA Conference consistently attracts >> the >> world's best and brightest in the field, creating opportunities for >> Conference >> attendees to learn about information security's most important >> issues through >> interactions with peers, luminaries and emerging and established >> companies. >> http://p.sf.net/sfu/rsaconf-dev2dev >> _______________________________________________ >> Assp-test mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/assp-test > > ------------------------------------------------------------------------------ > Throughout its 18-year history, RSA Conference consistently attracts the > world's best and brightest in the field, creating opportunities for Conference > attendees to learn about information security's most important issues through > interactions with peers, luminaries and emerging and established companies. > http://p.sf.net/sfu/rsaconf-dev2dev > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
