I have the same position as Scott. I find that the MessageSniffer product from ARM Research is the most reliable test at catching spam from freemail accounts. Second best is a URI product, but much of the spam from freemail accounts is scam text that doesn't have a URL, or the spammer obfuscates it by not describing the domain rather than specifying it e.g. he will write example.com instead of http://www.example.com/marketing (I just fabricated this example).
Hotmail in particular would be less effective for the bad guys if I had an antispam tool that would determine from the headers that the sender was from Hotmail (or others) and then check the X-Originating-IP: [111.222.333.444] Header they add, which is invariably a source address I'd block because it's listed in XBL or other "DYNA" blacklists. I've suggested it before but vendors are, quite reasonably, leery of building into their product a feature that is specific to a few providers while being prone to false positives. Andrew from Vancouver -----Original Message----- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Scott Fisher Sent: Friday, December 03, 2010 8:38 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers My problem is the reverse, I get so much spam from hacked aol/hotmail/gmail/yahoo accounts, that its getting to the point that these services are spammers. I hope some more places blacklist them so that maybe they'll clean up their act. Like that would happen... Unfortunately a disproportionate amount of my email spam administration time is spent solely on these free providers trying to fine tune the filters to block the spam, without much collateral damage. -----Original Message----- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Friday, December 03, 2010 8:39 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers You can also my filters GOOD-REVDNS and HAM-INDICATOR as well as ISP-HOTMAIL, ISP-YAHOO etc which are available from the Declude website. These can help reduce false positives. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -----Original Message----- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Gary Steiner Sent: Friday, December 03, 2010 9:17 AM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers Try using the following whitelists: http://www.abuses.es/eswl/index.html.en http://www.dnswl.org/ Both are fairly reliable. -------- Original Message -------- > From: "Chris Patterson" <ch...@rseng.net> > Sent: Wednesday, December 01, 2010 10:01 PM > To: "declude.junkmail@declude.com" <declude.junkmail@declude.com> > Subject: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers > > We have been seeing a dramatic increase of free webmail server IP's being blacklisted and causing false positives from the usual Hotmail, msn, yahoo, aol, gmail, and other free email servers listed on RBL', spamcop, spamhaus, etc. > > This has caused a tendency to for customers to want to whitelist these domains which we do have on per domain/per user settings however still must be explained and applied. > > I can provide hundreds of these blacklisted IP's in the logs however I was hoping a number of you have developed a list of reverse DNS IP or hostname entry files to subtract from sniffer and/or UR-IBL scoring that will allow the good emails through from blacklisted IPs or some ruleset that has the same effect. > > This has become a very annoying issue for us, any help/ideas would be appreciated. > > > Chris Patterson, CCNA > Special Projects and Advanced Engineering Manager > Rapid Systems > http://www.rapidsys.com > KB: http://support.rapidsys.com > > --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. We are pleased to announce that Bentall LP and Kennedy Associates Real Estate Counsel, LP joined forces on December 1, 2010. To learn more, visit: www.bentallkennedy.com Nous avons le plaisir de vous annoncer que Bentall LP et Kennedy Associates Real Estate Counsel LP se sont associées le 1er décembre 2010. Pour en savoir plus, rendez-vous à www.bentallkennedy.com This message (and any associated files) may contain confidential, proprietary and/or privileged material and access to these materials by anyone other than the intended recipient is unauthorized. Unauthorized recipients are required to maintain confidentiality. Any review, retransmission, dissemination or other use of these materials by persons or entities other than the intended recipient is prohibited and may be unlawful. If you have received this message in error, please notify us immediately and destroy the original. Ce message et tout document qui y est éventuellement joint peuvent contenir de l'information confidentielle ou exclusive. L'accès à cette information par quiconque autre que le destinataire désigné en est donc interdit. Les personnes ou les entités non autorisées doivent respecter la confidentialité de cette information. La lecture, la retransmission, la communication ou toute autre utilisation de cette information par une personne ou une entité non autorisée est strictement interdite. Si vous avez reçu ce message par erreur, veuillez nous en aviser immédiatement et le détruire. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.