Tina, I recognize the naming convention of that spammer. He uses fresh domains, obeys best practices for matching HELO+MAILFROM+REVDNS and uses clean IP addresses.
The explanation for what you are seeing is timing: the spammer isn’t listed at the time your server accepts the message. By the time the user reports the message as spam, and you check it, the domain and sending IP have been blocklisted. Andrew. From: [email protected] [mailto:[email protected]] On Behalf Of Tina Cline Sent: Monday, October 27, 2014 7:15 AM To: [email protected] Subject: [MBF] FW: [MBF] Re: Emails should be failing URIBL Pretty much – emails such as this that not only the links in the email but the sender domain is on the uribl-black and declude logs show there is no check/ or did not get flagged (There is no mention of it “passing” but rather no mention of it failing either): Link in email: http: //gohere. crestinternethosting71. link from address of email: New Deadline Updates <NewDeadlineUpdates@ crestinternethosting71. link> (I removed the hyperlinks and separated the address for security) ---------------------------------------------------------- Tina Cline 270net Technologies Phone: 301.663.6000 x200 Fax: 301.663.4410 www.270net.com "Internet Technology for Business and Government" ----------------------------------------------------------- From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David Barker Sent: Thursday, October 23, 2014 4:07 PM To: [email protected]<mailto:[email protected]> Subject: [MBF] Re: Emails should be failing URIBL The RHSBL checks the senders domain is this what you are saying is passing ? On 10/23/2014 1:29 PM, Tina Cline wrote: #http://www.uribl.com/ (PUBLIC) MBF REVIEWED 6/19/2013 URIBL-WHITE RHSBL white.uribl.com 127.0.0.2 -2 0 URIBL-BLACK RHSBL black.uribl.com 127.0.0.2 20 0 URIBL-GREY RHSBL grey.uribl.com 127.0.0.4 5 0 #URIBL-RED RHSBL red.uribl.com 127.0.0.8 0 0 ---------------------------------------------------------- Tina Cline 270net Technologies Phone: 301.663.6000 x200 Fax: 301.663.4410 www.270net.com "Internet Technology for Business and Government" ----------------------------------------------------------- From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David Barker Sent: Thursday, October 23, 2014 12:51 PM To: [email protected]<mailto:[email protected]> Subject: [MBF] Re: Emails should be failing URIBL How have you configured your URIBL? On 10/23/2014 11:02 AM, Tina Cline wrote: We are seeing a great deal of emails that should be failing URIBL-Black. They come through and I verify they are listed in URIBL Blacklist, and the Declude log is marking them as passing the test.. I even changed Declude DNS to use a local host rather than public just in case URIBL was blocking the inquiries from public DNS. Any ideas? ----------------------------------------------------------- Tina Cline 270net Technologies – IT Support Specialist Phone: 301.663.6000 x200 Fax: 301.663.4410 www.270net.com "Internet Technology for Business and Government" ----------------------------------------------------------- -- David Barker Mail’s Best Friend Email : [email protected]<mailto:[email protected]> Web : www.mailsbestfriend.com<http://www.mailsbestfriend.com> Office : 866.919.2075 Mobile : 978.518.6461 -- David Barker Mail’s Best Friend Email : [email protected]<mailto:[email protected]> Web : www.mailsbestfriend.com<http://www.mailsbestfriend.com> Office : 866.919.2075 Mobile : 978.518.6461 This message (and any associated files) may contain confidential, proprietary and/or privileged material and access to these materials by anyone other than the intended recipient is unauthorized. Unauthorized recipients are required to maintain confidentiality. Any review, retransmission, dissemination or other use of these materials by persons or entities other than the intended recipient is prohibited and may be unlawful. If you have received this message in error, please notify us immediately and destroy the original. Ce message et tout document qui y est éventuellement joint peuvent contenir de l’information confidentielle ou exclusive. L’accès à cette information par quiconque autre que le destinataire désigné en est donc interdit. Les personnes ou les entités non autorisées doivent respecter la confidentialité de cette information. La lecture, la retransmission, la communication ou toute autre utilisation de cette information par une personne ou une entité non autorisée est strictement interdite. Si vous avez reçu ce message par erreur, veuillez nous en aviser immédiatement et le détruire.
