Re: Gmail spam filters
On 2021-06-17 17:42, Bowie Bailey wrote:
> Does anyone have any tips on how to get mail through Gmail's spam filters?

if 8 million users say this mail is spam it surely is spam :)

hint: if recipients say it's not spam to them, then it could change; it is not controlled by senders, even if senders do their own homework
Re: Gmail spam filters
Dear Bowie,

I'm afraid this really isn't a question for this email list, since it has nothing to do with SpamAssassin. However, to not just send you off with nothing:

IP reputation plays a big role for Google. If you're hosted by a provider like OVH, that seems to serve lots of cybercriminals, your IP might have been previously used for spamming and therefore just has a bad reputation already. Spammers nowadays also more often set up SPF, DKIM and DMARC properly.

If you've made sure you have SSL/TLS enabled, SPF, DKIM and DMARC set up, reverse DNS, DNS, and your email server's domain are all set up properly, then really the best thing you can do is give it time and ask people to mark your emails as "not spam" in the meantime. You may also consider changing providers/IP if you're with a more notorious provider.

I'm afraid you really can't do much more. It's quite unfair but it's the way things work I'm afraid. But again, this really isn't a question for this list. Perhaps try Libera IRC, some forum or something like Reddit?

Kind regards,
Bert

On 17/06/2021 17:42, Bowie Bailey wrote:
> This is a bit off-topic, but I'm hoping someone here might have some suggestions.
>
> We are having a problem getting mail to Gmail users. It almost always ends up in their spam folder. I have set up SPF, DKIM, and DMARC. The mail-tester.com email test gives a 10/10 for the test emails I have sent to it.
>
> The information I've been able to find from Google is completely unhelpful. I tried signing up for their postmaster tools, but my volume is too low to show any data.
>
> Does anyone have any tips on how to get mail through Gmail's spam filters?
>
> Thanks,
> Bowie
Gmail spam filters
This is a bit off-topic, but I'm hoping someone here might have some suggestions. We are having a problem getting mail to Gmail users. It almost always ends up in their spam folder. I have set up SPF, DKIM, and DMARC. The mail-tester.com email test gives a 10/10 for the test emails I have sent to it. The information I've been able to find from Google is completely unhelpful. I tried signing up for their postmaster tools, but my volume is too low to show any data. Does anyone have any tips on how to get mail through Gmail's spam filters? Thanks, Bowie
Re: Reporting gmail spam/fraud/phishing
On 2018-10-05 19:45, John Hardin wrote:
> It looks like Google is trying to kill off gmail-ab...@google.com again.

abuse@ ignorants ?
Reporting gmail spam/fraud/phishing
Folks:

It looks like Google is trying to kill off gmail-ab...@google.com again. Does anybody have a gmail abuse mailbox address that actually works (i.e. that Google actually reads, in addition to merely being deliverable)?

A webform is *not* an acceptable alternative.

"Don't Be Evil." Bah.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
It is not the place of government to make right every tragedy and woe that befalls every resident of the nation.
---
554 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: Reporting gmail spam to Google
On 19.05.2016 at 17:44, Joseph Brennan wrote:
> Reindl Harald wrote:
>> "doing those best" must be the reason for a testing-SPF instead "-all"
>> come on..
>
> Remember that the DMARC people changed Internet Message Format so that "From:" no longer shows the person who wrote the message but must "align" with the mail system that sent the message?

remember all the problems it brings like for mailing-lists as this one?

> Well, they also changed the SPF protocol so that -all should not be used. Using ~all causes processing to continue through DKIM and DMARC, and then the failure gets reported to the "ruf" address. Using -all is just for SPF-only people

ah so i need to implement on my side DMARC to give them the benefit of DMARC reports while i could with a proper setup JUST REJECT a forged message long before SpamAssassin - what an improvement

anyways, your whole DMARC stuff has *nothing* to do with what you responded original because it don't and can't change ANYTHING about spam from gmail accounts, they pass SPF/DKIM/DMARC

so what do you try to explain me? scroll up in the thread where you started to respond about DMARC and then try to get the context of the thread - hint: it has NOTHING to do with forged mail from whatever servers
Re: Reporting gmail spam to Google
Reindl Harald wrote:
> "doing those best" must be the reason for a testing-SPF instead "-all"
> come on..

Remember that the DMARC people changed Internet Message Format so that "From:" no longer shows the person who wrote the message but must "align" with the mail system that sent the message?

Well, they also changed the SPF protocol so that -all should not be used. Using ~all causes processing to continue through DKIM and DMARC, and then the failure gets reported to the "ruf" address. Using -all is just for SPF-only people.

Joseph Brennan
Columbia University Information Technology
Re: Reporting gmail spam to Google
On 18.05.2016 at 20:03, Charles Sprickman wrote:
> On May 18, 2016, at 9:06 AM, Reindl Harald wrote:
>> On 18.05.2016 at 15:00, Emiliano Vazquez wrote:
>>> On 18/05/16 at 05:44, Reindl Harald wrote:
>>>>> Is there any address that I can forward gmail spam to google for reporting?
>>>>
>>>> ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)
>>>
>>> HI guys.
>>>
>>> Google only let you send 300 e-mails per day to another domains if you are using free @gmail account. Maybe Google Apps can have more than that. Do you receive a lot of spam from the same account?
>>
>> not usually but that's not the point - the point is how they behave when you report spread phishing over different accounts reaching a lot of your customers and don't change the fact that a large part of junk making it to SA at all comes from large freemail providers including google while mostly aol/yahoo
>
> This stems from Hooli’s, oops, I mean Google’s culture. They build things correctly. Users know nothing. No feedback is needed

no - it's like for most large companies taking a lot of responsibility but not able to handle it

starts typically above 20 employees
Re: Reporting gmail spam to Google
> On May 18, 2016, at 9:06 AM, Reindl Harald wrote:
>
> On 18.05.2016 at 15:00, Emiliano Vazquez wrote:
>> On 18/05/16 at 05:44, Reindl Harald wrote:
>>>> Is there any address that I can forward gmail spam to google for reporting?
>>>
>>> ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)
>>
>> HI guys.
>>
>> Google only let you send 300 e-mails per day to another domains if you are using free @gmail account. Maybe Google Apps can have more than that. Do you receive a lot of spam from the same account?
>
> not usually but that's not the point - the point is how they behave when you report spread phishing over different accounts reaching a lot of your customers and don't change the fact that a large part of junk making it to SA at all comes from large freemail providers including google while mostly aol/yahoo

This stems from Hooli’s, oops, I mean Google’s culture. They build things correctly. Users know nothing. No feedback is needed.
Re: Reporting gmail spam to Google
On 5/18/2016 11:10 AM, Alarig Le Lay wrote:
> On Thu May 19 00:00:31 2016, Byung-Hee HWANG (황병희) wrote:
>> As far as i know, they are doing those best to reduce spam by DMARC.
>
> DMARC is used to prevent incoming spam, not outgoing.

Well to be more specific, DMARC allows forgeries to be aggressively rejected. Doesn't help a bit when your users are sending spam.
Re: Reporting gmail spam to Google
On 18.05.2016 at 17:00, Byung-Hee HWANG wrote:
> On 18 May 2016 at 10:06:28 PM GMT+09:00, Reindl Harald wrote:
>> not usually but that's not the point - the point is how they behave when you report spread phishing over different accounts reaching a lot of your customers and don't change the fact that a large part of junk making it to SA at all comes from large freemail providers including google while mostly aol/yahoo
>
> As far as i know, they are doing those best to reduce spam by DMARC

"doing those best" must be the reason for a testing-SPF instead "-all"
come on..

gmail.com. 300 IN TXT "v=spf1 redirect=_spf.google.com"
_spf.google.com. 300 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
Re: Reporting gmail spam to Google
On Thu May 19 00:00:31 2016, Byung-Hee HWANG (황병희) wrote:
> As far as i know, they are doing those best to reduce spam by DMARC.

DMARC is used to prevent incoming spam, not outgoing.

--
alarig
Re: Reporting gmail spam to Google
On 18/05/16 at 10:06, Reindl Harald wrote:
> not usually but that's not the point - the point is how they behave when you report spread phishing over different accounts reaching a lot of your customers and don't change the fact that a large part of junk making it to SA at all comes from large freemail providers including google while mostly aol/yahoo

You got a point! This is totally true.

Best regards.
Emiliano.
Re: Reporting gmail spam to Google
On 18 May 2016 at 10:06:28 PM GMT+09:00, Reindl Harald wrote:
> On 18.05.2016 at 15:00, Emiliano Vazquez wrote:
>> On 18/05/16 at 05:44, Reindl Harald wrote:
>>>> Is there any address that I can forward gmail spam to google for reporting?
>>>
>>> ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)
>>
>> HI guys.
>>
>> Google only let you send 300 e-mails per day to another domains if you are using free @gmail account. Maybe Google Apps can have more than that. Do you receive a lot of spam from the same account?
>
> not usually but that's not the point - the point is how they behave when you report spread phishing over different accounts reaching a lot of your customers and don't change the fact that a large part of junk making it to SA at all comes from large freemail providers including google while mostly aol/yahoo

As far as i know, they are doing those best to reduce spam by DMARC.

--
^Thank you, thank you_^))//
Re: Reporting gmail spam to Google
On 18.05.2016 at 15:00, Emiliano Vazquez wrote:
> On 18/05/16 at 05:44, Reindl Harald wrote:
>>> Is there any address that I can forward gmail spam to google for reporting?
>>
>> ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)
>
> HI guys.
>
> Google only let you send 300 e-mails per day to another domains if you are using free @gmail account. Maybe Google Apps can have more than that. Do you receive a lot of spam from the same account?

not usually but that's not the point - the point is how they behave when you report spread phishing over different accounts reaching a lot of your customers and don't change the fact that a large part of junk making it to SA at all comes from large freemail providers including google while mostly aol/yahoo
Re: Reporting gmail spam to Google
On 18/05/16 at 05:44, Reindl Harald wrote:
>> Is there any address that I can forward gmail spam to google for reporting?
>
> ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)

HI guys.

Google only let you send 300 e-mails per day to another domains if you are using free @gmail account. Maybe Google Apps can have more than that. Do you receive a lot of spam from the same account?

Best regards.
Emiliano.
Re: Reporting gmail spam to Google
On 18.05.2016 at 09:32, Matus UHLAR - fantomas wrote:
>> On 17.05.2016 at 20:30, Matus UHLAR - fantomas wrote:
>>>> On 17.05.16 09:10, Marc Perkel wrote:
>>>>> Is there any address that I can forward gmail spam to google for reporting?
>>>
>>> ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)
>
> On 17.05.16 21:41, Reindl Harald wrote:
>> and you did ever get a response there except "go to googlegroups and read this and that" from a bot?
>
> last time I remember the response was that they care of bugreports...
> what you mean was iirc something like "for more info go to groups..."

i made some abuse reports to google and got back something in the style "this is an autoreply, this mailbox is not read, go here and there", likely 3 years ago, maybe they changed their attitude in the meantime
Re: Reporting gmail spam to Google
> On 17.05.2016 at 20:30, Matus UHLAR - fantomas wrote:
>>> On 17.05.16 09:10, Marc Perkel wrote:
>>>> Is there any address that I can forward gmail spam to google for reporting?
>>
>> ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)

On 17.05.16 21:41, Reindl Harald wrote:
> and you did ever get a response there except "go to googlegroups and read this and that" from a bot?

last time I remember the response was that they care of bugreports...
what you mean was iirc something like "for more info go to groups..."

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
On the other hand, you have different fingers.
Re: Reporting gmail spam to Google
On 17.05.2016 at 20:30, Matus UHLAR - fantomas wrote:
> On 17.05.16 09:10, Marc Perkel wrote:
>> Is there any address that I can forward gmail spam to google for reporting?
>
> ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)

and you did ever get a response there except "go to googlegroups and read this and that" from a bot?
Re: Reporting gmail spam to Google
On 17.05.16 09:10, Marc Perkel wrote:
> Is there any address that I can forward gmail spam to google for reporting?

ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?)

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Fighting for peace is like fucking for virginity...
Re: Reporting gmail spam to Google
On Tue, 17 May 2016, Marc Perkel wrote:
> Is there any address that I can forward gmail spam to google for reporting?

Theoretically

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security. -- Bruce Schneier
---
147 days since the first successful real return to launch site (SpaceX)
Reporting gmail spam to Google
Is there any address that I can forward gmail spam to google for reporting? -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400
Re: Hotmail and Gmail spam getting through
Joseph Brennan wrote:
> But-- how do you count consecutive lines of raw /^=0A=$/ with the tool we are using?

Not counting, but triggering on 5 or more:

full FRUKT_EMPTY_QP /\r?\n(?:=0A=\r?\n){5}/s

(I'm not a rule guru, so it wouldn't surprise me if there are better ways.)

Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
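As an added example (not code from the posters in this thread), the pattern from the rule above can be checked against constructed raw messages next to an explicit count of the "=0A=" runs, which is the counting the question asked about. The sample messages and the function names are hypothetical.

```python
import re

# The pattern from the rule above, unchanged: five "=0A=" lines in a row, each
# ended by LF or CRLF, in the raw (still quoted-printable encoded) message.
FRUKT_EMPTY_QP = re.compile(r"\r?\n(?:=0A=\r?\n){5}", re.S)


def hits_rule(raw):
    """True when the raw message would trigger the pattern."""
    return FRUKT_EMPTY_QP.search(raw) is not None


def empty_qp_runs(raw):
    """Lengths of every run of consecutive lines that are exactly '=0A='."""
    runs, current = [], 0
    for line in raw.split("\n"):
        if line.rstrip("\r") == "=0A=":
            current += 1
        else:
            if current:
                runs.append(current)
            current = 0
    if current:
        runs.append(current)
    return runs


# Constructed sample messages (not taken from the attachments in the thread).
HEADERS = ("From: sender@example.com\r\n"
           "Subject: constructed sample\r\n"
           "Content-Transfer-Encoding: quoted-printable\r\n\r\n")
# Seven encoded empty lines in a row, as in the padded spam described above.
PADDED = HEADERS + "first line=0A=\r\n" + "=0A=\r\n" * 7 + "http://example.com/\r\n"
# Five encoded empty lines in total, but never more than three in a row.
SPACED = (HEADERS + "Hi,=0A=\r\n" + "=0A=\r\n" * 2
          + "See you Monday.=0A=\r\n" + "=0A=\r\n" * 3 + "Bob\r\n")
# Same padded message after a hop that rewrote CRLF to bare LF.
PADDED_LF = PADDED.replace("\r\n", "\n")

SAMPLES = {"padded": PADDED, "spaced": SPACED, "padded_lf": PADDED_LF}


def survey(samples):
    """Map sample name -> (longest run, rule hit) to see where a threshold falls."""
    return {name: (max(empty_qp_runs(raw), default=0), hits_rule(raw))
            for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (longest, hit) in survey(SAMPLES).items():
        print(f"{name:10s} longest run={longest} rule hit={hit}")
```

The regex and the counter agree only while every "=0A=" line ends with a newline; a run cut off at the very end of the message without one is counted by `empty_qp_runs` but not matched by the pattern.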
Re: Hotmail and Gmail spam getting through
http://www.nabble.com/file/p17876019/pharmaspam.txt pharmaspam.txt

This one is very distinctive, with all those lines of just =0A= (encoded newline). I've seen it many times.

But-- how do you count consecutive lines of raw /^=0A=$/ with the tool we are using?

Joseph Brennan
Columbia University Information Technology
Re: Hotmail and Gmail spam getting through
omehegan <[EMAIL PROTECTED]> wrote:
> It looks like Hotmail and Gmail's captcha has been broken. I'm getting spam
> using their domains as return addresses, and the messages pass SPF. I assume
> there are other people getting these. I've attached two - the second one
> doesn't even seem to be advertising anything. Can anyone suggest a way to
> filter these?

It is difficult to suggest anything that would not involve a prohibitive increase in false positives. Best thing is to email their support and postmaster addresses. Eventually (hopefully?) they'll stop facilitating the circulation of this garbage.

--
Sahil Tandon <[EMAIL PROTECTED]>
Hotmail and Gmail spam getting through
It looks like Hotmail and Gmail's captcha has been broken. I'm getting spam using their domains as return addresses, and the messages pass SPF. I assume there are other people getting these. I've attached two - the second one doesn't even seem to be advertising anything. Can anyone suggest a way to filter these? I'm using SA 3.2.1, running spamd, routing mail to it from Postfix on Linux.

http://www.nabble.com/file/p17876019/pharmaspam.txt pharmaspam.txt
http://www.nabble.com/file/p17876019/weirdspam.txt weirdspam.txt

--
View this message in context: http://www.nabble.com/Hotmail-and-Gmail-spam-getting-through-tp17876019p17876019.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
A few rules to catch current gmail spam
CKENPOX_84 + J_CHICKENPOX_91 + J_CHICKENPOX_92 + J_CHICKENPOX_93 + J_CHICKENPOX_101 + J_CHICKENPOX_102 ) > 4)
describe FHS_COUNT_CHICKENPOX_5 Five or more odd character combinations
score FHS_COUNT_CHICKENPOX_5 0.1

meta FHS_COUNT_CHICKENPOX_7 (( J_CHICKENPOX_12 + J_CHICKENPOX_13 + J_CHICKENPOX_14 + J_CHICKENPOX_15 + J_CHICKENPOX_16 + J_CHICKENPOX_17 + J_CHICKENPOX_18 + J_CHICKENPOX_19 + J_CHICKENPOX_110 + J_CHICKENPOX_111 + J_CHICKENPOX_21 + J_CHICKENPOX_22 + J_CHICKENPOX_23 + J_CHICKENPOX_24 + J_CHICKENPOX_25 + J_CHICKENPOX_26 + J_CHICKENPOX_27 + J_CHICKENPOX_28 + J_CHICKENPOX_29 + J_CHICKENPOX_210 + J_CHICKENPOX_31 + J_CHICKENPOX_32 + J_CHICKENPOX_33 + J_CHICKENPOX_34 + J_CHICKENPOX_35 + J_CHICKENPOX_36 + J_CHICKENPOX_37 + J_CHICKENPOX_38 + J_CHICKENPOX_39 + J_CHICKENPOX_41 + J_CHICKENPOX_42 + J_CHICKENPOX_43 + J_CHICKENPOX_44 + J_CHICKENPOX_45 + J_CHICKENPOX_46 + J_CHICKENPOX_47 + J_CHICKENPOX_48 + J_CHICKENPOX_51 + J_CHICKENPOX_52 + J_CHICKENPOX_53 + J_CHICKENPOX_54 + J_CHICKENPOX_55 + J_CHICKENPOX_56 + J_CHICKENPOX_57 + J_CHICKENPOX_61 + J_CHICKENPOX_62 + J_CHICKENPOX_63 + J_CHICKENPOX_64 + J_CHICKENPOX_65 + J_CHICKENPOX_66 + J_CHICKENPOX_71 + J_CHICKENPOX_72 + J_CHICKENPOX_73 + J_CHICKENPOX_74 + J_CHICKENPOX_75 + J_CHICKENPOX_81 + J_CHICKENPOX_82 + J_CHICKENPOX_83 + J_CHICKENPOX_84 + J_CHICKENPOX_91 + J_CHICKENPOX_92 + J_CHICKENPOX_93 + J_CHICKENPOX_101 + J_CHICKENPOX_102 ) > 6)
describe FHS_COUNT_CHICKENPOX_7 Seven or more odd character combinations
score FHS_COUNT_CHICKENPOX_7 0.1

meta FHS_COUNT_CHICKENPOX_9 (( J_CHICKENPOX_12 + J_CHICKENPOX_13 + J_CHICKENPOX_14 + J_CHICKENPOX_15 + J_CHICKENPOX_16 + J_CHICKENPOX_17 + J_CHICKENPOX_18 + J_CHICKENPOX_19 + J_CHICKENPOX_110 + J_CHICKENPOX_111 + J_CHICKENPOX_21 + J_CHICKENPOX_22 + J_CHICKENPOX_23 + J_CHICKENPOX_24 + J_CHICKENPOX_25 + J_CHICKENPOX_26 + J_CHICKENPOX_27 + J_CHICKENPOX_28 + J_CHICKENPOX_29 + J_CHICKENPOX_210 + J_CHICKENPOX_31 + J_CHICKENPOX_32 + J_CHICKENPOX_33 + J_CHICKENPOX_34 + J_CHICKENPOX_35 + J_CHICKENPOX_36 + J_CHICKENPOX_37 + J_CHICKENPOX_38 + J_CHICKENPOX_39 + J_CHICKENPOX_41 + J_CHICKENPOX_42 + J_CHICKENPOX_43 + J_CHICKENPOX_44 + J_CHICKENPOX_45 + J_CHICKENPOX_46 + J_CHICKENPOX_47 + J_CHICKENPOX_48 + J_CHICKENPOX_51 + J_CHICKENPOX_52 + J_CHICKENPOX_53 + J_CHICKENPOX_54 + J_CHICKENPOX_55 + J_CHICKENPOX_56 + J_CHICKENPOX_57 + J_CHICKENPOX_61 + J_CHICKENPOX_62 + J_CHICKENPOX_63 + J_CHICKENPOX_64 + J_CHICKENPOX_65 + J_CHICKENPOX_66 + J_CHICKENPOX_71 + J_CHICKENPOX_72 + J_CHICKENPOX_73 + J_CHICKENPOX_74 + J_CHICKENPOX_75 + J_CHICKENPOX_81 + J_CHICKENPOX_82 + J_CHICKENPOX_83 + J_CHICKENPOX_84 + J_CHICKENPOX_91 + J_CHICKENPOX_92 + J_CHICKENPOX_93 + J_CHICKENPOX_101 + J_CHICKENPOX_102 ) > 8)
describe FHS_COUNT_CHICKENPOX_9 Nine or more odd character combinations
score FHS_COUNT_CHICKENPOX_9 0.1

meta FREEMAIL_CHICKENPOX_3 (FREEMAIL_FROM && FHS_COUNT_CHICKENPOX_3)
describe FREEMAIL_CHICKENPOX_3 From a freemail address and has three or more odd character combinations
score FREEMAIL_CHICKENPOX_3 0.1

meta FREEMAIL_CHICKENPOX_5 (FREEMAIL_FROM && FHS_COUNT_CHICKENPOX_5)
describe FREEMAIL_CHICKENPOX_5 From a freemail address and has five or more odd character combinations
score FREEMAIL_CHICKENPOX_5 0.4

meta FREEMAIL_CHICKENPOX_7 (FREEMAIL_FROM && FHS_COUNT_CHICKENPOX_7)
describe FREEMAIL_CHICKENPOX_7 From a freemail address and has seven or more odd character combinations
score FREEMAIL_CHICKENPOX_7 0.3

meta FREEMAIL_CHICKENPOX_9 (FREEMAIL_FROM && FHS_COUNT_CHICKENPOX_9)
describe FREEMAIL_CHICKENPOX_9 From a freemail address and has nine or more odd character combinations
score FREEMAIL_CHICKENPOX_9 0.2

You could also create a meta rule that puts all of this together and basically kills (gives a very high score to) any email from a freemail address which has a specific number of strange character combinations in it and which links with proper html to a free blog site... I'll leave that for you to work out!

Any comments or suggestions?
-- View this message in context: http://www.nabble.com/A-few-rules-to-catch-current-gmail-spam-tp17590682p17590682.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Gmail spam
Repeat - it NEVER WENT NEAR gmail. That part is pure forgery.
{^_^}

- Original Message -
From: "Jason Staudenmayer" <[EMAIL PROTECTED]>

I see ... I'll have to see why my qmail didn't drop it for those address issues.

Thanks

-Original Message-
From: Jamie L. Penman-Smithson [mailto:[EMAIL PROTECTED]

On 9 Jun 2006, at 13:56, Jason Staudenmayer wrote:
> Is anyone else getting spam from gmail? The ones I'm getting are very
> lengthy but doesn't look like bayes poison.

It's _not from_ GMail.

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
>   by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
> Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun
> 2006 05:05:20 -0800
> Message-Id: <[EMAIL PROTECTED]>
> From: "Marcelino Crews" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: this weeks stock pick KMAG - build a strong position now
>
> Maybe gmail has an open relay? Or does this look like something else?

No, you should be looking at this header:

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
>   by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -

This message was received from [66.148.73.132] with no rDNS and using a private non-routable IP in HELO. The IP in question is owned by HopOne:

NetRange: 66.148.64.0 - 66.148.127.255
CIDR: 66.148.64.0/18
OrgName: HopOne Internet Corporation
OrgID: HOPO
Address: 1010 Wisconsin Avenue N.W.
City: Washington
StateProv: DC
PostalCode: 20007-3603
Country: US

It doesn't match the SPF record for gmail.com either:

_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"

The sender address is forged, as is common.

IOW it should have been rejected outright before it even got to SA, either because it has no rDNS, or because it used an invalid address literal (1.2.3.4 instead of [1.2.3.4]), or because it used a private non-routable IP in HELO.

-j
Re: Gmail spam
Off hand you could not convince me that this message ever got near gmail servers.
{^_^}

- Original Message -
From: "Jason Staudenmayer" <[EMAIL PROTECTED]>

Is anyone else getting spam from gmail? The ones I'm getting are very lengthy but doesn't look like bayes poison.

Microsoft Mail Internet Headers Version 2.0
Received: from mail2.adventureaquarium.com ([10.0.0.205]) by MAIL-I.adventureaquarium.com with Microsoft SMTPSVC(5.0.2195.6713);
  Thu, 8 Jun 2006 08:05:21 -0400
Received: (qmail 31386 invoked from network); 8 Jun 2006 12:05:21 -
Received: from [EMAIL PROTECTED] by mail2.adventureaquarium.com by uid 503 with qmail-scanner-1.20
  (clamdscan: 0.88.2/1467. spamassassin: 3.1.1. Clear:RC:0(66.148.73.132):SA:0(2.2/7.5):.
  Processed in 0.48126 secs); 08 Jun 2006 12:05:21 -
X-Spam-Status: No, hits=2.2 required=7.5
X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via mail2.adventureaquarium.com
X-Qmail-Scanner: 1.20 (Clear:RC:0(66.148.73.132):SA:0(2.2/7.5):. Processed in 0.48126 secs)
Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
  by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun 2006 05:05:20 -0800
Message-Id: <[EMAIL PROTECTED]>
From: "Marcelino Crews" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: this weeks stock pick KMAG - build a strong position now
X-Mailer: Opera/6.05 (Windows 2000; U) [fi]
Date: Thu, 08 Jun 2006 05:05:20 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="Boundary-00=_9HReE4jIy7jpiF0"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
To: [EMAIL PROTECTED]
Subject: this weeks stock pick KMAG - build a strong position now

Maybe gmail has an open relay? Or does this look like something else?

Jason
Re: Gmail spam
| If you apply the needed
| 27,000 patches to qmail, you can actually get it to refuse garbage
| HELO/EHLO arguments like the '192.168.0.4' that it came in with (or
| client hosts with no rDNS, etc.); Or you could update to an MTA which
| is supported by its author(s) still.

LMAO, Well said. Although I do use Qmail on a few servers, you hit the nail on the head! I love my Sendmail ;-)
Re: Gmail spam
>...
>Is anyone else getting spam from gmail? The ones I'm getting are very
>lengthy but doesn't look like bayes poison.
>
>
>Microsoft Mail Internet Headers Version 2.0
>Received: from mail2.adventureaquarium.com ([10.0.0.205]) by
>MAIL-I.adventureaquarium.com with Microsoft SMTPSVC(5.0.2195.6713);
>Thu, 8 Jun 2006 08:05:21 -0400
>Received: (qmail 31386 invoked from network); 8 Jun 2006 12:05:21 -
>Received: from [EMAIL PROTECTED] by
>mail2.adventureaquarium.com by uid 503 with qmail-scanner-1.20
> (clamdscan: 0.88.2/1467. spamassassin: 3.1.1.
>Clear:RC:0(66.148.73.132):SA:0(2.2/7.5):.
> Processed in 0.48126 secs); 08 Jun 2006 12:05:21 -
>X-Spam-Status: No, hits=2.2 required=7.5
>X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via
>mail2.adventureaquarium.com
>X-Qmail-Scanner: 1.20 (Clear:RC:0(66.148.73.132):SA:0(2.2/7.5):.
>Processed in 0.48126 secs)
>Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
> by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
>Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun
>2006 05:05:20 -0800
>Message-Id: <[EMAIL PROTECTED]>
>From: "Marcelino Crews" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: this weeks stock pick KMAG - build a strong position now
>X-Mailer: Opera/6.05 (Windows 2000; U) [fi]
>Date: Thu, 08 Jun 2006 05:05:20 -0800
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="Boundary-00=_9HReE4jIy7jpiF0"
>Content-Transfer-Encoding: 7bit
>Content-Disposition: inline
>To: [EMAIL PROTECTED]
>Subject: this weeks stock pick KMAG - build a strong position now
>
>
>Maybe gmail has an open relay? Or does this look like something else?
>
>Jason
>

Spam, from Gmail? Who would have ever believed it! Plenty of spam does come through Gmail, but yours looks like it came from HopOne (i.e. IP 66.148.73.132).

If you apply the needed 27,000 patches to qmail, you can actually get it to refuse garbage HELO/EHLO arguments like the '192.168.0.4' that it came in with (or client hosts with no rDNS, etc.); Or you could update to an MTA which is supported by its author(s) still.

Paul Shupak
[EMAIL PROTECTED]
RE: Gmail spam
I think I found it, I missed the '.' in my helocheck setting.

-Original Message-
From: Sietse van Zanen [mailto:[EMAIL PROTECTED]
Sent: Friday, June 09, 2006 9:45 AM
To: Jason Staudenmayer; Jamie L. Penman-Smithson
Cc: users@spamassassin.apache.org
Subject: RE: Gmail spam

Don't know about qmail, but in sendmail you can easily reject the mail because of this 'forged helo'.

-Sietse

From: Jason Staudenmayer [mailto:[EMAIL PROTECTED]
Sent: Fri 09-Jun-06 15:35
To: Jamie L. Penman-Smithson
Cc: users@spamassassin.apache.org
Subject: RE: Gmail spam

I see ... I'll have to see why my qmail didn't drop it for those address issues.

Thanks

-Original Message-
From: Jamie L. Penman-Smithson [mailto:[EMAIL PROTECTED]
Sent: Friday, June 09, 2006 9:26 AM
To: Jason Staudenmayer
Cc: users@spamassassin.apache.org
Subject: Re: Gmail spam

On 9 Jun 2006, at 13:56, Jason Staudenmayer wrote:
> Is anyone else getting spam from gmail? The ones I'm getting are very
> lengthy but doesn't look like bayes poison.

It's _not from_ GMail.

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
>   by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
> Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun
> 2006 05:05:20 -0800
> Message-Id: <[EMAIL PROTECTED]>
> From: "Marcelino Crews" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: this weeks stock pick KMAG - build a strong position now
>
> Maybe gmail has an open relay? Or does this look like something else?

No, you should be looking at this header:

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
>   by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -

This message was received from [66.148.73.132] with no rDNS and using a private non-routable IP in HELO. The IP in question is owned by HopOne:

NetRange: 66.148.64.0 - 66.148.127.255
CIDR: 66.148.64.0/18
OrgName: HopOne Internet Corporation
OrgID: HOPO
Address: 1010 Wisconsin Avenue N.W.
City: Washington
StateProv: DC
PostalCode: 20007-3603
Country: US

It doesn't match the SPF record for gmail.com either:

_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"

The sender address is forged, as is common.

IOW it should have been rejected outright before it even got to SA, either because it has no rDNS, or because it used an invalid address literal (1.2.3.4 instead of [1.2.3.4]), or because it used a private non-routable IP in HELO.

-j
RE: Gmail spam
Don't know about qmail, but in sendmail you can easily reject the mail because of this 'forged helo'.

-Sietse

From: Jason Staudenmayer [mailto:[EMAIL PROTECTED]
Sent: Fri 09-Jun-06 15:35
To: Jamie L. Penman-Smithson
Cc: users@spamassassin.apache.org
Subject: RE: Gmail spam

I see ... I'll have to see why my qmail didn't drop it for those address issues.

Thanks

-Original Message-
From: Jamie L. Penman-Smithson [mailto:[EMAIL PROTECTED]
Sent: Friday, June 09, 2006 9:26 AM
To: Jason Staudenmayer
Cc: users@spamassassin.apache.org
Subject: Re: Gmail spam

On 9 Jun 2006, at 13:56, Jason Staudenmayer wrote:
> Is anyone else getting spam from gmail? The ones I'm getting are very
> lengthy but doesn't look like bayes poison.

It's _not from_ GMail.

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
>   by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
> Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun
> 2006 05:05:20 -0800
> Message-Id: <[EMAIL PROTECTED]>
> From: "Marcelino Crews" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: this weeks stock pick KMAG - build a strong position now
>
> Maybe gmail has an open relay? Or does this look like something else?

No, you should be looking at this header:

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
>   by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -

This message was received from [66.148.73.132] with no rDNS and using a private non-routable IP in HELO. The IP in question is owned by HopOne:

NetRange: 66.148.64.0 - 66.148.127.255
CIDR: 66.148.64.0/18
OrgName: HopOne Internet Corporation
OrgID: HOPO
Address: 1010 Wisconsin Avenue N.W.
City: Washington
StateProv: DC
PostalCode: 20007-3603
Country: US

It doesn't match the SPF record for gmail.com either:

_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"

The sender address is forged, as is common.

IOW it should have been rejected outright before it even got to SA, either because it has no rDNS, or because it used an invalid address literal (1.2.3.4 instead of [1.2.3.4]), or because it used a private non-routable IP in HELO.

-j
RE: Gmail spam
I see ... I'll have to see why my qmail didn't drop it for those address issues.

Thanks

-Original Message-
From: Jamie L. Penman-Smithson [mailto:[EMAIL PROTECTED]
Sent: Friday, June 09, 2006 9:26 AM
To: Jason Staudenmayer
Cc: users@spamassassin.apache.org
Subject: Re: Gmail spam

On 9 Jun 2006, at 13:56, Jason Staudenmayer wrote:
> Is anyone else getting spam from gmail? The ones I'm getting are very
> lengthy but doesn't look like bayes poison.

It's _not from_ GMail.

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
> by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
> Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun
> 2006 05:05:20 -0800
> Message-Id: <[EMAIL PROTECTED]>
> From: "Marcelino Crews" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: this weeks stock pick KMAG - build a strong position now
>
> Maybe gmail has an open relay? Or does this look like something else?

No, you should be looking at this header:

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
> by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -

This message was received from [66.148.73.132] with no rDNS and using a private non-routable IP in HELO. The IP in question is owned by HopOne:

NetRange: 66.148.64.0 - 66.148.127.255
CIDR: 66.148.64.0/18
OrgName:HopOne Internet Corporation
OrgID: HOPO
Address:1010 Wisconsin Avenue N.W.
City: Washington
StateProv: DC
PostalCode: 20007-3603
Country:US

It doesn't match the SPF record for gmail.com either:

_spf.google.com.300 IN TXT "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"

The sender address is forged, as is common.

IOW it should have been rejected outright before it even got to SA, either because it has no rDNS, or because it used an invalid address literal (1.2.3.4 instead of [1.2.3.4]), or because it used a private non-routable IP in HELO.

-j
Re: Gmail spam
On 9 Jun 2006, at 13:56, Jason Staudenmayer wrote:
> Is anyone else getting spam from gmail? The ones I'm getting are very
> lengthy but doesn't look like bayes poison.

It's _not from_ GMail.

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
> by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
> Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun
> 2006 05:05:20 -0800
> Message-Id: <[EMAIL PROTECTED]>
> From: "Marcelino Crews" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: this weeks stock pick KMAG - build a strong position now
>
> Maybe gmail has an open relay? Or does this look like something else?

No, you should be looking at this header:

> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
> by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -

This message was received from [66.148.73.132] with no rDNS and using a private non-routable IP in HELO. The IP in question is owned by HopOne:

NetRange: 66.148.64.0 - 66.148.127.255
CIDR: 66.148.64.0/18
OrgName:HopOne Internet Corporation
OrgID: HOPO
Address:1010 Wisconsin Avenue N.W.
City: Washington
StateProv: DC
PostalCode: 20007-3603
Country:US

It doesn't match the SPF record for gmail.com either:

_spf.google.com.300 IN TXT "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"

The sender address is forged, as is common.

IOW it should have been rejected outright before it even got to SA, either because it has no rDNS, or because it used an invalid address literal (1.2.3.4 instead of [1.2.3.4]), or because it used a private non-routable IP in HELO.

-j

PGP.sig
Description: This is a digitally signed message part
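The three pre-SpamAssassin rejection conditions and the SPF comparison from the reply above, run against the header it quotes. This is an added example, not part of the original thread or of any project's code; the function names are hypothetical, the regex assumes the qmail Received layout seen in the thread, and only `ip4:` mechanisms and the final `all` term of the quoted record are evaluated.

```python
import ipaddress
import re

# Sample input: the Received line and SPF record as quoted in the thread.
RECEIVED = ("from unknown (HELO 192.168.0.4) (66.148.73.132) "
            "by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -")
SPF_RECORD = ("v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 "
              "ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all")

# Assumed qmail layout: from <rDNS|unknown> [(HELO <name>)] ([ident@]<peer IP>)
QMAIL_RE = re.compile(r"from\s+(?P<rdns>\S+)\s+(?:\(HELO\s+(?P<helo>[^)\s]+)\)\s+)?"
                      r"\((?:\S+@)?(?P<ip>[0-9.]+)\)")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def helo_problems(helo):
    """Flag a bare (unbracketed) IP and a private IP used as the HELO name."""
    bracketed = helo.startswith("[") and helo.endswith("]")
    try:
        addr = ipaddress.ip_address(helo[1:-1] if bracketed else helo)
    except ValueError:
        return []                      # a hostname: neither check applies
    problems = [] if bracketed else ["bare-ip-helo"]
    if addr.is_private:
        problems.append("private-ip-helo")
    return problems

def spf_ip4_result(record, peer):
    """Evaluate only ip4: mechanisms and the final 'all'; nothing else in SPF."""
    ip = ipaddress.ip_address(peer)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.lstrip("+-~?") == "all":
            return QUALIFIERS.get(term[0], "pass")
    return "neutral"                   # no mechanism matched and no 'all' term

def analyse(received, spf_record):
    m = QMAIL_RE.search(received)
    if m is None:
        raise ValueError("not a qmail-style Received line")
    helo = m["helo"] or m["rdns"]      # assumed: qmail omits HELO when it equals the rDNS
    findings = (["no-rdns"] if m["rdns"] == "unknown" else []) + helo_problems(helo)
    return {"peer": m["ip"], "helo": helo, "findings": findings,
            "spf": spf_ip4_result(spf_record, m["ip"])}

if __name__ == "__main__":
    print(analyse(RECEIVED, SPF_RECORD))
```

Because the quoted record ends in `?all`, the non-matching peer evaluates to neutral rather than fail, so the rDNS and HELO checks are what would reject this message at SMTP time.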
Re: Gmail spam
BTW, email coming from Gmail servers (including valid one) is already being blocked by several real time blacklists (RBLs)

On 6/9/06, Jason Staudenmayer <[EMAIL PROTECTED]> wrote:
> Is anyone else getting spam from gmail? The ones I'm getting are very
> lengthy but doesn't look like bayes poison.

--
Atentamente / Kind regards
Alejandro Lengua, Virtual Orbis eBusiness Services
www.virtualorbis.com, www.vohosting.com
Re: Gmail spam
Jason Staudenmayer wrote:
> Is anyone else getting spam from gmail? The ones I'm getting are very
> lengthy but doesn't look like bayes poison.
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from mail2.adventureaquarium.com ([10.0.0.205])
>  by MAIL-I.adventureaquarium.com with Microsoft SMTPSVC(5.0.2195.6713);
>  Thu, 8 Jun 2006 08:05:21 -0400
> Received: (qmail 31386 invoked from network); 8 Jun 2006 12:05:21 -
> Received: from [EMAIL PROTECTED] by mail2.adventureaquarium.com by uid 503
>  with qmail-scanner-1.20 (clamdscan: 0.88.2/1467. spamassassin: 3.1.1.
>  Clear:RC:0(66.148.73.132):SA:0(2.2/7.5):. Processed in 0.48126 secs);
>  08 Jun 2006 12:05:21 -
> X-Spam-Status: No, hits=2.2 required=7.5
> X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via mail2.adventureaquarium.com
> X-Qmail-Scanner: 1.20 (Clear:RC:0(66.148.73.132):SA:0(2.2/7.5):. Processed in 0.48126 secs)
> Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
>  by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -

Hi,

What makes you think it came from gmail? I see no signs of it originating from there.

Regards,
Rick
Gmail spam
Is anyone else getting spam from gmail? The ones I'm getting are very lengthy but doesn't look like bayes poison.

Microsoft Mail Internet Headers Version 2.0
Received: from mail2.adventureaquarium.com ([10.0.0.205])
 by MAIL-I.adventureaquarium.com with Microsoft SMTPSVC(5.0.2195.6713);
 Thu, 8 Jun 2006 08:05:21 -0400
Received: (qmail 31386 invoked from network); 8 Jun 2006 12:05:21 -
Received: from [EMAIL PROTECTED] by mail2.adventureaquarium.com by uid 503
 with qmail-scanner-1.20 (clamdscan: 0.88.2/1467. spamassassin: 3.1.1.
 Clear:RC:0(66.148.73.132):SA:0(2.2/7.5):. Processed in 0.48126 secs);
 08 Jun 2006 12:05:21 -
X-Spam-Status: No, hits=2.2 required=7.5
X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via mail2.adventureaquarium.com
X-Qmail-Scanner: 1.20 (Clear:RC:0(66.148.73.132):SA:0(2.2/7.5):. Processed in 0.48126 secs)
Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
 by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun 2006 05:05:20 -0800
Message-Id: <[EMAIL PROTECTED]>
From: "Marcelino Crews" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: this weeks stock pick KMAG - build a strong position now
X-Mailer: Opera/6.05 (Windows 2000; U) [fi]
Date: Thu, 08 Jun 2006 05:05:20 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="Boundary-00=_9HReE4jIy7jpiF0"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
To: [EMAIL PROTECTED]
Subject: this weeks stock pick KMAG - build a strong position now

Maybe gmail has an open relay? Or does this look like something else?

Jason