Rule for mail contains bad email ids

[Ramprasad]

There are now a few spams passing thru with plain emailids ( not mailto
links ) 

There is noting else in the mail  that can be caught. How can I check
such ids

Show I do a body check after all
Thanks
Ram


Sample spam mail 

---
I have a new email address!
You can now email me at: [EMAIL PROTECTED]

Sir/MA 


I am Abbott Hayes Iam contacting you on business transaction of US$23M 

into a safe AC

- abbott hayes

--

RE: Rule for mail contains bad email ids

[Michael Scheidell]

> -Original Message-
> From: Ramprasad [mailto:[EMAIL PROTECTED] 
> Sent: Friday, July 21, 2006 4:16 AM
> To: spamassassin-users
> Subject: Rule for mail contains bad email ids
> 
> 
> There are now a few spams passing thru with plain emailids ( 
> not mailto links ) 
> 
> There is noting else in the mail  that can be caught. How can 
> I check such ids
> 
> Show I do a body check after all

That's like playing whack-a-mole with spammers.
You would be entering in email addreses all day long.

Anything similar?
All yahoo.com.sg?
(all yahoo.com.[a-z]. ?

Also, feed them to bayes, feed them to dcc, razor and spamcop.
Eventually, they will hit enough points to be blocked by semi-automated
methods.

-- 
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time
security alerts: http://www.secnap.com/news

[Fwd: Undeliverable:RE: Rule for mail contains bad email ids]

[Michael Scheidell]

SA email admin?

Wondering why SA mailing list  isn't using SRS or something.

Any mailing list subscriber who sends to the list could get their email
bounced at another list subscriber's if that list subscriber uses
HARDFAIL bounces and the list user has -all type spf records.



 Original Message 

  

  Subject: 
  Undeliverable:RE: Rule for mail contains bad email ids


  Date: 
  Fri, 21 Jul 2006 13:23:49 -0400


  From: 
  System Administrator <[EMAIL PROTECTED]>


  To: 
  Michael Scheidell <[EMAIL PROTECTED]>

  



Your message

  To:  Ramprasad; spamassassin-users
  Subject: RE: Rule for mail contains bad email ids
  Sent:Fri, 21 Jul 2006 08:32:26 -0400

did not reach the following recipient(s):

users@spamassassin.apache.org on Fri, 21 Jul 2006 13:18:27 -0400
The e-mail system was unable to deliver the message, but did not
report a specific reason.  Check the address and try again.  If it still
fails, contact your system administrator.
http://www.openspf.org/why.html?sender=scheidell%40secnap.net&ip=12.145.
52.121&receiver=asf.osuosl.org>




-- 
Michael Scheidell, CTO
SECNAP Network Security / www.secnap.com
[EMAIL PROTECTED]  / 1+561-999-5000, x 1131



Reporting-MTA: dns; secnap2.secnap.com

Final-Recipient: RFC822; users@spamassassin.apache.org
Action: failed
Status: 5.0.0
X-Supplementary-Info: http://www.openspf.org/why.html?sender=scheidell%40secnap.net&ip=12.145.52.121&receiver=asf.osuosl.org>
X-Display-Name: users@spamassassin.apache.org

--- Begin Message ---
Title: RE: Rule for mail contains bad email ids






> -Original Message-
> From: Ramprasad [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 21, 2006 4:16 AM
> To: spamassassin-users
> Subject: Rule for mail contains bad email ids
>
>
> There are now a few spams passing thru with plain emailids (
> not mailto links )
>
> There is noting else in the mail  that can be caught. How can
> I check such ids
>
> Show I do a body check after all

That's like playing whack-a-mole with spammers.
You would be entering in email addreses all day long.

Anything similar?
All yahoo.com.sg?
(all yahoo.com.[a-z]. ?

Also, feed them to bayes, feed them to dcc, razor and spamcop.
Eventually, they will hit enough points to be blocked by semi-automated
methods.

--
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time
security alerts: http://www.secnap.com/news






--- End Message ---

Re: [Fwd: Undeliverable:RE: Rule for mail contains bad email ids]

[Daryl C. W. O'Shea]

Michael Scheidell wrote:
> SA email admin?
> 
> Wondering why SA mailing list  isn't using SRS or something.

Really, who does.  Besides SRS would be the wrong solution for a simple
mailing list.


> Any mailing list subscriber who sends to the list could get their email 
> bounced at another list subscriber's if that list subscriber uses 
> HARDFAIL bounces and the list user has -all type spf records.

Nope, apparently "potap01.accessintel.com" has x821 and x822 identities
confused as ezmlm correctly rewrites the envelope.  It's the receivers
SPF implementation that is broken.


Daryl