RE: Mystery SpamWare

2014-05-29 Thread hospice admin



> Date: Thu, 22 May 2014 17:13:24 -0700
> From: jdeb...@garlic.com
> To: users@spamassassin.apache.org
> Subject: Re: Mystery SpamWare
>
> On Thu, 22 May 2014 18:23:48 +0100
> hospice admin  wrote:
>
>> Hi Team,
>>
>> All of a sudden I've started noticing a lot of spam coming in with
>> some fairly unique headers like this:
>>
>> x-track-version: 4
>> x-track-source: notifire_XXX
>> x-track-spooler-id: 
>> x-track-spooler-split-id: 
>> x-track-spooler-segment-id: 
>> x-render: render-
>> Precedence: bulk
>> x-track-contact-id: 
>>
>>  is some number which varies with user to some degree, XXX varies
>> by spammer.
>>
>> Does anyone recognise where these headers come from?
>>
>
> Those headers seem to be tracking headers for commercial email
> marketing campaigns. Possibly from Notifire.co.uk, an email
> mass-marketing firm, calling itself a "white label". Quite uncertain w/o
> more data. But those headers are enough to make a filter from or to use
> in header checks to reject such trash.
>
> jd
>
>

Ah ... thank you so much ... our old 'friends' at Neteffekt.

Very Helpful.

Thanks again

Judy. 

Re: Mystery SpamWare

2014-05-22 Thread jdebert
On Thu, 22 May 2014 18:23:48 +0100
hospice admin  wrote:

> Hi Team,
> 
> All of a sudden I've started noticing a lot of spam coming in with
> some fairly unique headers like this:
> 
> x-track-version: 4
> x-track-source: notifire_XXX
> x-track-spooler-id: 
> x-track-spooler-split-id: 
> x-track-spooler-segment-id: 
> x-render: render-
> Precedence: bulk
> x-track-contact-id: 
> 
>  is some number which varies with user to some degree, XXX varies
> by spammer.
> 
> Does anyone recognise where these headers come from?
> 

Those headers seem to be tracking headers for commercial email
marketing campaigns. Possibly from Notifire.co.uk, an email
mass-marketing firm, calling itself a "white label". Quite uncertain w/o
more data. But those headers are enough to make a filter from or to use
in header checks to reject such trash.

jd
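
One way to turn the headers quoted above into a SpamAssassin header check, added here as an example and not part of any poster's message. The rule names, the description and the score are assumptions; the header names and the `notifire_` / `render-` prefixes are the ones shown in the original post, and the values missing from that post are not guessed at.

```conf
# local.cf -- added example; rule names and score are hypothetical.

# Sub-rules (the "__" prefix means they carry no score of their own).
# The source header is the most specific marker: "notifire_" plus a
# per-sender suffix.
header   __LOCAL_XTRACK_SRC      X-Track-Source =~ /^notifire_/i

# The remaining tracking headers carry values that vary per message,
# so only their presence is tested.
header   __LOCAL_XTRACK_SPOOL    exists:X-Track-Spooler-Id
header   __LOCAL_XTRACK_SPLIT    exists:X-Track-Spooler-Split-Id
header   __LOCAL_XTRACK_SEGMENT  exists:X-Track-Spooler-Segment-Id
header   __LOCAL_XTRACK_CONTACT  exists:X-Track-Contact-Id
header   __LOCAL_XRENDER         X-Render =~ /^render-/i

# "Precedence: bulk" is deliberately not used: ordinary mailing lists
# set it too, so it adds false positives without adding specificity.

# Fire only when the source marker is present together with at least
# two of the other tracking headers, so a single stray header from an
# unrelated sender does not match.
meta     LOCAL_XTRACK_BULK  (__LOCAL_XTRACK_SRC && (__LOCAL_XTRACK_SPOOL + __LOCAL_XTRACK_SPLIT + __LOCAL_XTRACK_SEGMENT + __LOCAL_XTRACK_CONTACT + __LOCAL_XRENDER >= 2))
describe LOCAL_XTRACK_BULK  Bulk-mailer tracking headers (x-track-* with notifire_ source)

# Constructed score: tune it against your own ham and spam corpus
# before relying on it.
score    LOCAL_XTRACK_BULK  3.0
```

Run `spamassassin --lint` after adding the rules to confirm they parse.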




Re: Mystery SpamWare

2014-05-22 Thread Axb

On 05/22/2014 07:23 PM, hospice admin wrote:

> Hi Team,
>
> All of a sudden I've started noticing a lot of spam coming in with some fairly
> unique headers like this:
>
> x-track-version: 4
> x-track-source: notifire_XXX
> x-track-spooler-id: 
> x-track-spooler-split-id: 
> x-track-spooler-segment-id: 
> x-render: render-
> Precedence: bulk
> x-track-contact-id: 
>
>  is some number which varies with user to some degree, XXX varies by
> spammer.
>
> Does anyone recognise where these headers come from?
>
> Thanks


Can you pastebin a sample?