AW: [Declude.JunkMail] COMBO-Filter solution for todays german polite emails

2004-06-14 Thread Guhl, Markus (LDS)
hi markus,
hi all,

i just get a message with the subject: SEHBEHINDERTER VON AUSLAENDERN
VERPRUEGELT
it looks like sober.h but i can not find this subject in any description of this
thing. 

is this a new form of sober.h (sober.i?)? or is this just a subjectline that has
not occurred yet?

kind regards
on behalf of
signed markus guhl

***
lds nrw
dez. 235
tel.: 0211 9449 2578 
fax.: 0211 9449 8344
mailto:[EMAIL PROTECTED]
***

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of Markus Gufler
Sent: Monday, 14 June 2004 07:35
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] COMBO-Filter solution for todays german
polite emails


> Odd thing is I was nailing some of your email with 
> interbusiness.it and I don't see that anywhere in the headers 
> of your current messages

This is because I used our webmail interface to guarantee that anyone can read
this message even if he's blocking messages sent from an IP that is listed
in certain IP-blacklists.

Markus


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


AW: [Declude.JunkMail] COMBO-Filter solution for todays german polite emails

2004-06-14 Thread Guhl, Markus (LDS)
hi markus,

thanks!

by the way: we use anywhere, because (like sober.g) there are so many bouncing
messages from other mailservers.
kind regards
on behalf of
signed markus guhl

***
lds nrw
dez. 235
tel.: 0211 9449 2578 
fax.: 0211 9449 8344
mailto:[EMAIL PROTECTED]
***


 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of Markus Gufler
Sent: Monday, 14 June 2004 14:10
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] COMBO-Filter solution for todays german
polite emails


> i just get a message with the subject: SEHBEHINDERTER VON 
> AUSLAENDERN VERPRUEGELT
> it looks like sober.h but i can not find this subject in any 
> description of this thing. 

Hi Markus,

Thank you for this information. 
Now this is my current list of subject filters.

SUBJECT 200 CONTAINS ASYLANT QUAELTE TIERE BRUTAL ZU TODE
SUBJECT 200 CONTAINS ASYLANTEN BEGRABSCHTEN DEUTSCHES MAEDCHEN
SUBJECT 200 CONTAINS Auf Kosten der deutschen Beitragszahler und Rentner!
SUBJECT 200 CONTAINS Augen auf! (So sieht es aus!)
SUBJECT 200 CONTAINS Auslaender erschleichen sich zunehmend Sozialleistungen
SUBJECT 200 CONTAINS Auslaenderanteile in Schweizer Gefaengnissen
SUBJECT 200 CONTAINS AUSLAENDERGEWALT BEIM HAFENGEBURTSTAG
SUBJECT 200 CONTAINS Auslaendergewalt: Herr Rau, wo waren Sie?
SUBJECT 200 CONTAINS Auslaenderkriminalitaet steigt weiter!
SUBJECT 200 CONTAINS Bankrott des Gesundheitswesens durch Auslaender!
SUBJECT 200 CONTAINS Bin ich zu weltfremd? Ich glaube wohl kaum
SUBJECT 200 CONTAINS Das kann unmoeglich sein -Leserbrief-
SUBJECT 200 CONTAINS DEUTSCHES MAEDCHEN FAST VERGEWALTIGT
SUBJECT 200 CONTAINS Die Deform der sozialen Ordnung
SUBJECT 200 CONTAINS Diplomatische Zensur
SUBJECT 200 CONTAINS EU Beitritt der Tuerkei ?
SUBJECT 200 CONTAINS EU gibt Erwerbslosen volle Freizuegigkeit
SUBJECT 200 CONTAINS Garather klagen ueber eskalierende Gewalt im Stadtteil!
SUBJECT 200 CONTAINS Geschrieben von Margrit am 07. April 2004
SUBJECT 200 CONTAINS Libanesen in Berlin
SUBJECT 200 CONTAINS Marokkanischer Wiederholungstaeter vergewaltigte 17-jaehriges Maedel
SUBJECT 40 CONTAINS Medienzensur
SUBJECT 200 CONTAINS Mehr fuer Auslaender als fuer Deutsche tun!
SUBJECT 200 CONTAINS Moschee-Bau in Deutschland
SUBJECT 200 CONTAINS MULTI-KULTI-BANDE TYRANNISIERTE MITSCHUELER
SUBJECT 200 CONTAINS Nein zum Zuwanderungsgesetz !
SUBJECT 200 CONTAINS Neue Voelkerwanderung droht!
SUBJECT 200 CONTAINS Paradies Bundesrepublik - Rente fuer die Welt -
SUBJECT 200 CONTAINS Polizei traute sich nicht, kriminellen Auslaender festzunehmen
SUBJECT 200 CONTAINS Richter unterstuetzt kriminelle Auslaenderin
SUBJECT 200 CONTAINS SEHBEHINDERTER VON AUSLAENDERN VERPRUEGELT
SUBJECT 200 CONTAINS Skandal in Berlin
SUBJECT 200 CONTAINS Skandalurteil in Darmstadt
SUBJECT 200 CONTAINS So sieht die Wahrheit aus!
SUBJECT 200 CONTAINS TUERKEN-TERROR AM HIMMELFAHRTSTAG
SUBJECT 200 CONTAINS Was Deutschland braucht, sind deutsche Kinder!
SUBJECT 200 CONTAINS Wer an ein Tabu ruehrt, muss und darf vernichtet werden
SUBJECT 200 CONTAINS Wir haben die Auslaender doch geholt?!


I don't know what version of virus these zombies are running. All these spam
messages are clean and contain only a text part.

Markus





[Declude.JunkMail] OT: RoadRunner Postmaster Contact

2004-06-14 Thread Darin Cox




Sorry for the OT post, but I'm desperate this morning...

Anyone have a RoadRunner postmaster contact?

I'm getting a ton of MX connect fail this morning to a number of their
servers. Don't know if they've blacklisted our IP range or not. Anyone
else having trouble with them currently?

Darin.




[Declude.JunkMail] Feature Request Possibility

2004-06-14 Thread Scott Fisher
As I look at my Nigerian scam e-mails for the weekend,
I see a chunk of them have subjects in all capital letters and some have bodies of all 
capital letters which would be out of the norm.

I wonder if this would be a workable test for a small weight 10-20% of hold weight

SUBJECTALLCAPS
BODYALLCAPS   might not be good until MIME decoding?

I would see these as base tests not as filter options.

Scott Fisher
Director of IT
Farm Progress Companies



[Declude.JunkMail] feature idea number LINESFAILED

2004-06-14 Thread Scott Fisher
I know this has been proposed in different formats before.

I'd like to see a LINESFAILED option for the filter. This would count how many (non 
END Action) lines that have been matched.

It would be implemented like this:

LINESFAILED   10   IS   5
LINESFAILED   20   GE   6

This would preferably use (LT or LE), IS, and (GT or GE) operands.




Scott Fisher
Director of IT
Farm Progress Companies



Re: [Declude.JunkMail] Feature Request Possibility

2004-06-14 Thread R. Scott Perry

> I wonder if this would be a workable test for a small weight 10-20% of 
> hold weight
>
> SUBJECTALLCAPS
> BODYALLCAPS   might not be good until MIME decoding?
>
> I would see these as base tests not as filter options.

This is something that we are looking into.  :)

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



[Declude.JunkMail] Whitelist RBL numbers dropping

2004-06-14 Thread Scott Fisher
I've seen the BondedSender RBL numbers dropping over the last couple of months.

From nearly 800, to 430 to 178 last month.

Does anyone have any whitelist rbl's that work for them?

Scott Fisher
Director of IT
Farm Progress Companies



RE: [Declude.JunkMail] OT: RoadRunner Postmaster Contact

2004-06-14 Thread Tandem Group



These jerks are so unresponsive that we decided to go tit-for-tat, i.e. we
now block them as well. We have apparently been caught in a wider IP block
by them and have been unable to clear it up.

In fact, they are so knowledgeable that when one of their customers in
Florida contacted them via e-mail and got a callback, when he asked for a
number at which we could reach them, the technical support person didn't
know the number and disappeared for several minutes before eventually
coming back with an 800 number. When that number was called, we got a voice
mail message telling us to e-mail them with the problem.

We have of course done this several times with absolutely no response, so
we have taken the only option left to us: to block all the IP ranges we can
find for them. :-)

 Erik


Erik Hjelholt, Managing Director
Alberni-dot-Net, a div. of Tandem Security Inc.
4716 Roger St., Port Alberni, BC V9Y 3Z2
Phone: 250-720-8110 - Fax: 250-723-0901 

  -Original Message-
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of Darin Cox
  Sent: Monday, June 14, 2004 07:19
  To: [EMAIL PROTECTED]
  Subject: [Declude.JunkMail] OT: RoadRunner Postmaster Contact
  
  Sorry for the OT post, but I'm desperate this morning...
  
  Anyone have a RoadRunner postmaster contact?
  
  I'm getting a ton of MX connect fail this morning to a number of their
  servers. Don't know if they've blacklisted our IP range or not. Anyone
  else having trouble with them currently?

  Darin.
  
  


RE: [Declude.JunkMail] OT: RoadRunner Postmaster Contact

2004-06-14 Thread Sean Fahey



I agree with pretty much everything said here. We sent 7 e-mail requests,
then it got dirty. Eventually we started calling the local tech support
demanding the contact number of a real live human being in their Security
Dept., took down the names of everyone we spoke to. We learned that the
regional rr.com NOCs can, at their discretion change the master blacklist,
and if there's any doubt, they can escalate pretty quickly to their central
security department.

In our case, several of our employees used rr from home as their way to VPN
into our network. When we started talking about taking our business
elsewhere, contacting regional managers, things began to get fixed very
quickly.

  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Tandem Group
  Sent: Monday, June 14, 2004 3:36 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [Declude.JunkMail] OT: RoadRunner Postmaster Contact
  
  These jerks are so unresponsive that we decided to go tit-for-tat, i.e.
  we now block them as well. We have apparently been caught in a wider IP
  block by them and have been unable to clear it up.
  
  In fact, they are so knowledgeable that when one of their customers in
  Florida contacted them via e-mail and got a callback, when he asked for a
  number at which we could reach them, the technical support person didn't
  know the number and disappeared for several minutes before eventually
  coming back with an 800 number. When that number was called, we got a
  voice mail message telling us to e-mail them with the problem.
  
  We have of course done this several times with absolutely no response, so
  we have taken the only option left to us: to block all the IP ranges we
  can find for them. :-)
  
   Erik
  
  
  Erik Hjelholt, Managing Director
  Alberni-dot-Net, a div. of Tandem Security Inc.
  4716 Roger St., Port Alberni, BC V9Y 3Z2
  Phone: 250-720-8110 - Fax: 250-723-0901 
  
    -Original Message-
    From: [EMAIL PROTECTED] 
    [mailto:[EMAIL PROTECTED]On Behalf Of Darin Cox
    Sent: Monday, June 14, 2004 07:19
    To: [EMAIL PROTECTED]
    Subject: [Declude.JunkMail] OT: RoadRunner Postmaster Contact

    Sorry for the OT post, but I'm desperate this morning...

    Anyone have a RoadRunner postmaster contact?

    I'm getting a ton of MX connect fail this morning to a number of their
    servers. Don't know if they've blacklisted our IP range or not. Anyone
    else having trouble with them currently?

    Darin.




[Declude.JunkMail] Dell Mailings

2004-06-14 Thread Goran Jovanovic








Hi,

Does it make sense that Dell would be doing promotion e-mail that looks
like. Sort of looks legit.

Subject: =?iso-8859-1?B?UG93ZXIgVXAgVGhlIE9mZmljZSBGb3IgMTAlIExlc3M=?=
From: [EMAIL PROTECTED]

And links inside the e-mail like:

http://img.dellcanada.clickforlink.com/business_updates/2004/06-June/11/images/shim.gif
http://dell.email-link.ca/cgi-bin2/DM/y/hhMW0EbdxG0Kos0CD6G0As

I am waiting to get back the full headers 

Why would they encode the subject line like that?

Has anyone else seen the domain dell.email-link.ca?

Thanx

Goran Jovanovic
 The LAN Shoppe
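
Added example, not part of the original post: the Subject quoted above is an RFC 2047 encoded-word, so subject tests such as CONTAINS filters or the SUBJECTALLCAPS idea raised elsewhere on this archive page only see the real text after decoding. The function names, the `min_letters` threshold and the second subject are constructed for this sketch.

```python
import base64
from email.errors import HeaderParseError
from email.header import decode_header, make_header

def decode_subject(raw):
    """Decode RFC 2047 encoded-words; fall back to the raw text if malformed."""
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError):
        return raw

def all_caps(text, min_letters=8):
    """True when the text has enough letters and every one is upper case."""
    letters = [c for c in text if c.isalpha()]
    return len(letters) >= min_letters and all(c.isupper() for c in letters)

def subject_tests(raw, phrases=()):
    """Run the tests on the decoded subject, not on the wire form."""
    decoded = decode_subject(raw)
    folded = decoded.casefold()
    return {
        "decoded": decoded,
        "encoded_on_wire": decoded != raw,
        "all_caps": all_caps(decoded),
        "contains": [p for p in phrases if p.casefold() in folded],
    }

# Subject header exactly as quoted in the message above.
DELL = "=?iso-8859-1?B?UG93ZXIgVXAgVGhlIE9mZmljZSBGb3IgMTAlIExlc3M=?="
# Constructed all-capitals subject, base64-encoded the same way.
CAPS = ("=?iso-8859-1?B?"
        + base64.b64encode(b"URGENT BUSINESS PROPOSAL").decode() + "?=")

if __name__ == "__main__":
    for raw in (DELL, CAPS):
        print(all_caps(raw), subject_tests(raw, ["10% less"]))
```

Run against the wire form, the all-caps test misses the constructed subject and a CONTAINS phrase never matches; both work on the decoded text.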









[Declude.JunkMail] USBank Scam?

2004-06-14 Thread Goran Jovanovic
Hi all,

I don't know enough about HTML to know if the link below is a normal way
to do something, or if it is simply meant to display the www.usbank.com
info (which is what displays in the e-mail) and then go to the
www.pll8782.info website?

A client received this at home and is wondering if it is a phishing
attempt? I know nothing of USBank if it is real or not.

Below is an excerpt from the e-mail with the double link in it

Any info on this would be appreciated.

Thanx

==

During our regular update and verification of the Internet Banking
Accounts, we could not verify your current information. Either your
information has been changed or incomplete, as a result your access to use
our services has been limited. Please update your information.

To update your account information and start using our services please
click on the link below: 
<a href="http://www.pll8782.info/faq_files/approved/index.html">http://www.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage</a>

 
 Goran Jovanovic
 The LAN Shoppe



RE: [Declude.JunkMail] USBank Scam?

2004-06-14 Thread Colbeck, Andrew
Scam.

You surmised correctly.  The HTML snippet shows the reader one URL, but the
real target of the link is somewhere else entirely.  China, actually.

Three great web resources to find out who a domain is or where it is:

http://openrbl.org

http://whois.sc

http://www.senderbase.org

Using whois to look up the details on who registered a domain, you'll
often find that spammy domains are only a few months old, and/or they have
obviously fake contact details.

Andrew 8)

-Original Message-
From: Goran Jovanovic [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 14, 2004 7:46 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] USBank Scam?


Hi all,

I don't know enough about HTML to know if the link below is a normal way
to do something, or if it is simply meant to display the www.usbank.com
info (which is what displays in the e-mail) and then go to the
www.pll8782.info website?

A client received this at home and is wondering if it is a phishing
attempt? I know nothing of USBank if it is real or not.

Below is an excerpt from the e-mail with the double link in it

Any info on this would be appreciated.

Thanx

==

During our regular update and verification of the Internet Banking
Accounts, we could not verify your current information. Either your
information has been changed or incomplete, as a result your access to use
our services has been limited. Please update your information.

To update your account information and start using our services please
click on the link below: 
<a href="http://www.pll8782.info/faq_files/approved/index.html">http://www.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage</a>

 
 Goran Jovanovic
 The LAN Shoppe
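
Added example, not part of the thread: a check for the mismatch described in the reply above, where the visible link text names one host and the `href` points at another. `host_of`, `LinkAudit` and `mismatched_links` are names chosen here; the first anchor is the one from the quoted e-mail with its stripped markup restored, the other two are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Hostname of a URL-looking string, or None (e.g. for 'Click here')."""
    text = "".join(text.split())      # visible text may be wrapped mid-URL
    if "://" not in text:
        if not text.lower().startswith("www."):
            return None
        text = "http://" + text
    try:
        return urlsplit(text).hostname
    except ValueError:                # malformed host part
        return None

class LinkAudit(HTMLParser):
    """Collect (shown_host, real_host) for anchors whose text names another host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real = host_of("".join(self.text)), host_of(self.href)
            if shown and real and shown != real:
                self.findings.append((shown, real))
            self.href = None

def mismatched_links(html):
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Anchor from the quoted e-mail (markup reconstructed), then two
# constructed benign anchors that must not be reported.
SAMPLE = (
    '<a href="http://www.pll8782.info/faq_files/approved/index.html">'
    'http://www.usbank.com/internetBanking/RequestRouter'
    '?requestCmdId=DisplayLoginPage</a>'
    '<a href="http://www.example.com/login">www.example.com</a>'
    '<a href="http://www.example.com/help">Click here</a>'
)

if __name__ == "__main__":
    for shown, real in mismatched_links(SAMPLE):
        print(f"link text shows {shown} but href goes to {real}")
```

Legitimate bulk mail also routes clicks through tracking hosts, so a mismatch works better as a weight in a scoring filter than as a verdict on its own.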
