Re: [mailop] New method of blocking spam
> What get's spammers caught is that eventually they >have to sell you something Gee, did we drop through a wormhole into 1998 or something? R's, John ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Spurious 'Client host [xyz] blocked using b.barracudacentral.org' replies
>> Back In The Day, there was a BCP for shutting down a DNSBL that included >> running a daily check of the IP >127.0.0.1 (which should never hit), IIRC, as well as 127.0.0.2 (which should >always return a hit); and if my >memory serves, if either criteria was different (both listed or neither >listed), the DNSBL should be flagged as >not to be trusted. RFC 5782 says that a live DNSxL does list 127.0.0.2 to show that it's alive, and does not list 127.0.0.1 to show that it's not wildcarded. We published that in 2010 but it was in draft form for quite a while before that. For IPv6 BLs, you list :::127.0.0.2 and don't list :::127.0.0.1. For name BLs, you list TEST and don't list INVALID. >IIRC it's explicitly called out as something you can do in Chris and Matt's >DNSBL RFC. That's RFC 6471. It suggests you shut down a DNSBL by delegating it to non-existent name servers in test network 192.0.2.0/24. >I don't know of anyone who implemented it. Implemented what? I have a script that runs once a week to test all the BLs I use for 127.0.0.2 and 127.0.0.1. It comments out any that fail and sends me a note. I think I've caught one or two abandoned ones from my list that way. R's, John ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
>... What get's spammers caught is that eventually they have to sell you >something That includes all of my legitimate customers... If you want I can get you some legitimate subject lines :-). A few points: - There is a difference between 'real' companies that do stupid/illegal things and 'criminal groups' (who run their operation outside of the law, therefore all their email is spam). How do you detect the difference? - For 'real' companies: How do you 'prove' a relationship between the sender and recipient for a certain part of content? Example: There might be a legitimate relationship between a company and a customer. Company has a crazy idea and wants to start emailing its normal newsletter to everyone, with or without optin. It has now sent, the same email, to two groups. For the first group it is spam, for the second it is ham. - I have seen a lot of normal emails being abused by phishing. They basically copy 'everything' and put one bad link in it. The only difference is that they 'sell a little harder' (get a free iPad) or 'create a little bit more fear' (you internet will be shut down) than in normal emails that we send. The line that you are trying to detect is very thin. But this refers to point #1, basically. Regarding point #1: I think that Google and MS are doing a good job in 'wanting' authentication from 'real' companies. I wish they would publish an official statement saying that non-authenticated emails get spamfiltered for X-points at date X1 and Y-points a few months later, etc etc. Met vriendelijke groet, David Hofstee Deliverability Management MailPlus B.V. Netherlands ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] Yahoo issues this evening?
We saw some of this in our logs tonight: Site yahoo.com (98.136.217.203) said in response to MAIL FROM (451 4.3.2 Internal error reading data) Site yahoo.com (66.196.118.36) said in response to MAIL FROM (451 4.3.2 Internal error reading data) Site yahoo.com (66.196.118.37) said in response to MAIL FROM (451 4.3.2 Internal error reading data) Site yahoo.com (63.250.192.46) said in response to MAIL FROM (451 4.3.2 Internal error reading data) Site yahoo.com (98.138.112.35) said in response to MAIL FROM (451 4.3.2 Internal error reading data) Site yahoo.com (98.138.112.38) said in response to MAIL FROM (451 4.3.2 Internal error reading data) Started around 8:15 pm (Central) in earnest. Anyone else see this? Frank ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
On Thu, 21 Jan 2016, Marc Perkel wrote: Here is a list of 3494938 words and phrases used in the subject line of SPAM and never seen in the subject line of HAM http://www.junkemailfilter.com/data/subject-spam.txt Well besides all the other objections, I can see all sort of bugs in that corpus, eg I search for words that might be in my emails but probably are not in yours and got the list below. Now obviously the main contact you have with Australia and New Zealand is people spamming for Ugg Boots and Herbal pills but other people have a different profile. Hence all the warnings you find about re-using other people's Bayes databases. auckland, new zealand new zealand tour new zealand high let new zealand your trusted australian we offer australian we sell australian west australia trusted australian true australian top-quality australian australia order australian approved australian internet australian manufacturer australian medicine australian new zealand australian original authentic australian best australian books australia buy australian in sydney australia law australia made in australia official australian online australian the australia zealand tour sydney 2016 sydney is simon the simon. new method to -- Simon Lyall | Very Busy | Web: http://www.simonlyall.com/ "To stay awake all night adds a day to your life" - Stilgar ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Yahoo issues this evening?
You're not the only one that saw it. From my perspective though it looks like it's cleared up. > On Jan 22, 2016, at 21:53, frnk...@iname.com wrote: > > We saw some of this in our logs tonight: > > Site yahoo.com (98.136.217.203) said in response to MAIL FROM (451 4.3.2 > Internal error reading data) > Site yahoo.com (66.196.118.36) said in response to MAIL FROM (451 4.3.2 > Internal error reading data) > Site yahoo.com (66.196.118.37) said in response to MAIL FROM (451 4.3.2 > Internal error reading data) > Site yahoo.com (63.250.192.46) said in response to MAIL FROM (451 4.3.2 > Internal error reading data) > Site yahoo.com (98.138.112.35) said in response to MAIL FROM (451 4.3.2 > Internal error reading data) > Site yahoo.com (98.138.112.38) said in response to MAIL FROM (451 4.3.2 > Internal error reading data) > > Started around 8:15 pm (Central) in earnest. > > Anyone else see this? > > Frank > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
On 1/21/16 1:45 PM, Marc Perkel wrote: Just to follow up on this. I'm in the process of improving the filter. But I have filed my provisional patent so i'm going to give you an overview of how it works. As someone who has been involved in spam fighting stuff since 1999 or so, hate to burst any kind of magical bubbles, but "been there, done that". Been doing whitelisting/blacklisting/scoring based on subject lines since 2003 or so using SpamAssassin. Not a new or particularly novel idea at all. Hell, there's whole multi-megabyte .cf files you can grab for SA that help with that kind of scoring. I'm trying to find that checklist that the spam fighting regulars used to post whenever someone is all excited about their end-game to spam filtering... Anyone remember a URL for it? SpamAssassin has been around since... 1997 I think in some form? You might be facing your patent being invalidated by prior art, unless you have some magic thing your doing that isn't what SA and other programs have been doing since the 90s in some manner. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
On 1/22/16 9:24 AM, Neil Jenkins wrote: On Fri, 22 Jan 2016, at 11:01 AM, Brielle Bruns wrote: I'm trying to find that checklist that the spam fighting regulars used to post whenever someone is all excited about their end-game to spam filtering... Anyone remember a URL for it? http://craphound.com/spamsolutions.txt I presume. Yes! Thank you. I haven't had my coffee yet. :D -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2016-01-22 at 09:01 -0700, Brielle Bruns wrote: > I'm trying to find that checklist that the spam fighting regulars used > to post whenever someone is all excited about their end-game to spam > filtering... Anyone remember a URL for it? Possibly http://www.rhyolite.com/anti-spam/you-might-be.html -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlaiXKkACgkQL6j7milTFsHTzwCdHU0iBh6xx8p43FPz/KCvpWpg G68An39MhXIHXtzJWjmf9iVZR2WUD9K0 =OiDq -END PGP SIGNATURE- ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
On Fri, 22 Jan 2016, at 11:01 AM, Brielle Bruns wrote: > I'm trying to find that checklist that the spam fighting regulars used > to post whenever someone is all excited about their end-game to spam > filtering... Anyone remember a URL for it? http://craphound.com/spamsolutions.txt I presume. Neil. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [C] [Fwd: SPF and MX hacks]
On 1/22/16 2:49 PM, Michelle Sullivan wrote: Oh dear, oh dear... Words fail me... not just because he sent me a cease and desist... but that apparently I invented some MX hack when all I was doing was suggesting he might be infringing on the SPF prior art as well as pointing him to other docs about DKIM and DMARC... ...and then he cc'd the babble to news@bbc, news@itn and news@channel4 ...! Not just cc'd to news agencies, but done so with the stupid "private and confidential" disclaimer at the end. Having such a disclaimer at all shows remarkable lack of clue, but putting it on mail copied to news agencies as if a press release? Really? -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
What get's spammers caught is that eventually they have to sell you something Gee, did we drop through a wormhole into 1998 or something? He's missing a few somethings. Spammers might not be trying to sell you something. No kidding. The classic example is pump and dump, where they're trying to get you to call your own stockbroker to buy the stock they're touting, with no direct contact at all with the spammer. Even with stuff like drug spam, the number of throwaway domains and redirections between the spam and the payload site is likely to be somewhat higher than someone might expect. A *lot* higher. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop