Great

Thanks for the clarification

Thank you

Please note our new Address

Harry Vanderzand
Intown Internet
740 Erbsville Road
Waterloo, On, N2J 3Z4
519-741-1222

DISCLAIMER: The information in this message is confidential and may be
legally privileged. It is intended solely for the addressee. Access to this
message by anyone else is unauthorised. If you are not the intended
recipient, any disclosure, copying, or distribution of the message, or any
action or omission taken by you in reliance on it, is prohibited and may be
unlawful. Please immediately contact the sender if you have received this
message in error. Thank you.

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, Andrew
Sent: December-09-10 3:26 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and
other free account blacklisted servers

Harry, the snippet I included was the literal text, you don't have to make
any substitutions.

To avoid email formatting and readability issues, I am now attaching that as
a text file. I hope that helps.

Andrew.

  _____  

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Harry
Vanderzand
Sent: Thursday, December 09, 2010 11:00 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and
other free account blacklisted servers

Have been following this and tried to use it.

However now I am not sure I did it right.

Do I leave "X-originating-IP" in the code, or do I have to substitute an IP
or something else?

Thank you

Please note our new Address

Harry Vanderzand
Intown Internet
740 Erbsville Road
Waterloo, On, N2J 3Z4
519-741-1222


From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Nick
Hayer
Sent: December-09-10 1:49 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and
other free account blacklisted servers

 

fyi - the "X-Originating-IP" as well as "X-AOL-IP" are the sender's IP -
they have no relation to Yahoo or AOL. What you can do with these IPs -
which is what I do - is look 'em up in blacklists.

-Nick

MadRiverAccess.com|Skywaves.com Tech Support 
US/Canada 877-873-6482 or International +1-802-229-6574 
Emergency Support 24/7: supp...@skywaves.net 
General and Non-Emergency support ticket: 
https://www.skywaves.com/content/secure/support_ticket.htm

 

  _____  

From: "Colbeck, Andrew" <acolb...@bentallkennedy.com>
Sent: Wednesday, December 08, 2010 5:52 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and
other free account blacklisted servers


Thanks, Pete and Scott.

As always, Pete, that change worked as advertised. I've put in a slight
tweak as well as Scott's AOL suggestion: I prepended a period to
qualify the domains more tightly (I also left in the examples; that's my
own practice for self-documentation).


<source>
<!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> -->
<!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> -->
<header name='X-Originating-IP:' received='.hotmail.com [' ordinal='0' />
<header name='X-AOL-IP:' received='.aol.com [' ordinal='0' />
</source>

I sent myself three messages from my own Hotmail account, and then
checked my own firewall's IP address in my local GBU:

CD \messagesniffer

SNFClient.exe -test 1.2.3.4
GBUdb Record for 1.2.3.4
Type Flag: ugly
Bad Count: 0
Good Count: 3
Probability: -1
Confidence: 0.113212
Range: normal
Code: 0

Hopefully, others will choose to also pay in to the system, and
regardless, I'll see less Hotmail and AOL spam from known zombie IP
addresses!


Andrew 8)
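
Added example, not part of any message in this thread and not ARM Research's code: a Python sketch of the header selection that the <source> block above configures, showing why the leading period tightens the match. It assumes a directive applies only when the Received header at position `ordinal` (0 = topmost) contains the `received` text; the hostnames and addresses are constructed.

```python
import email
import ipaddress

# Directives from the thread's <source> block:
# (header name, text required in the Received header, ordinal from the top).
RULES = [
    ("X-Originating-IP", ".hotmail.com [", 0),
    ("X-AOL-IP", ".aol.com [", 0),
]

def training_source_ip(raw_message, rules=RULES):
    """Return the IP from a provider header, or None if no rule applies.

    Assumed semantics (not taken from the SNF source): a rule applies only
    when Received header number `ordinal` contains the required text.
    """
    msg = email.message_from_string(raw_message)
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    for name, required, ordinal in rules:
        if ordinal >= len(received) or required not in received[ordinal]:
            continue  # top hop is not the provider: ignore the header
        value = msg.get(name)
        if value is None:
            continue
        try:
            return str(ipaddress.ip_address(value.strip().strip("[]")))
        except ValueError:
            continue  # e.g. the placeholder [111.222.333.444] is not an IP
    return None

def sample(received_from, header_line):
    # Constructed message with the single Received line our own server adds.
    return (f"Received: from {received_from} by mail.example.net with ESMTP\n"
            f"{header_line}\nSubject: test\n\nbody\n")

HOTMAIL = sample("snt0-omc1.snt0.hotmail.com [198.51.100.7]",
                 "X-Originating-IP: [203.0.113.25]")
LOOKALIKE = sample("relay.nothotmail.com [192.0.2.99]",
                   "X-Originating-IP: [203.0.113.25]")
LOOSE = [("X-Originating-IP", "hotmail.com [", 0)]

if __name__ == "__main__":
    print(training_source_ip(HOTMAIL))           # provider hop matches
    print(training_source_ip(LOOKALIKE))         # tightened rule rejects
    print(training_source_ip(LOOKALIKE, LOOSE))  # un-dotted rule accepts
```

The header value is only as trustworthy as the hop that matched: the Received line at ordinal 0 is the one written by the receiving server itself, which is why the rule keys on it rather than on anything the sender supplied.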


-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
Scott Fisher
Sent: Monday, December 06, 2010 1:18 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo
and other free account blacklisted servers


I made this change immediately. Like Andrew I've always wondered why the
Hotmail header hasn't been targeted by someone.

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Pete
McNeil
Sent: Monday, December 06, 2010 2:31 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo
and other free account blacklisted servers


On 12/6/2010 2:47 PM, Colbeck, Andrew wrote:
> I have the same position as Scott.
>
> I find that the MessageSniffer product from ARM Research is the most
> reliable test

<snip/>

> Hotmail in particular would be less effective for the bad guys if I had an
> antispam tool that would determine from the headers that the sender was
> from Hotmail (or others) and then check the
>
> X-Originating-IP: [111.222.333.444]

<snip/>

> I've suggested it before but vendors are, quite reasonably, leery of
> building into their product a feature that is specific to a few providers
> while being prone to false positives.

Actually, if I may, Message Sniffer has precisely that feature built
into GBUdb training.

Specifically, you can tell Message Sniffer to identify the source IP for
the message based on the presence of a specific header. This feature was
designed specifically for hotmail and other systems that provide a
source IP for one reason or another -- (perhaps complex internal
routing).

For configuration information see:

http://www.armresearch.com/support/articles/software/snfServer/config/node/gbudb/training/source.jsp
http://www.armresearch.com/support/articles/software/snfServer/config/node/gbudb/training/source-header.jsp

If you configure this training mechanism for GBUdb in your Message 
Sniffer engine then GBUdb will become much more accurate for messages 
coming through that source.

Best,

_M


-- 
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010




---
[This E-mail was scanned by Declude]


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.







We are pleased to announce that Bentall LP and Kennedy Associates Real
Estate Counsel, LP joined forces on December 1, 2010. To learn more, visit:
www.bentallkennedy.com




This message (and any associated files) may contain confidential,
proprietary and/or privileged material and access to these materials by
anyone other than the intended recipient is unauthorized. Unauthorized
recipients are required to maintain confidentiality. Any review,
retransmission, dissemination or other use of these materials by persons or
entities other than the intended recipient is prohibited and may be
unlawful. If you have received this message in error, please notify us
immediately and destroy the original.



