Re: SPAM message format, or not ?
On Thu, 2019-12-19 at 16:56 +, Chip M. wrote: > On Wed, 18 Dec 2019, John Hardin wrote: > > Can you post a spample > > This is a very interesting pattern that I've seen in a few (9) spams > this week. > Here's a spample (with only the To header MUNGED): > > http://puffin.net/software/spam/samples/0062_snow_style_chaff_aws.txt > Lindsay, is that what you're seeing? Exactly. All of these verifiably come from Amazon IP addresses. I filed one abuse report with Amazon, jumping through all the hoops spec'd in their whois listing, but I doubt if it does any good. The Big Guys don't need to allocate any of their hard-earned resources to clamping down on spam sent trom their customers' accounts :( -- Lindsay Haisley | "UNIX is user-friendly, it just FMP Computer Services | chooses its friends." 512-259-1190 | -- Andreas Bogk http://www.fmp.com|
Re: SPAM message format, or not ?
On Wed, 18 Dec 2019, Lindsay Haisley wrote: I've been getting a lot of spams here with a format similar to: [snip] d171f2b7-af04-5a8-5a8-cee259c46b8f 9fc2adda-9160-c56-c56-feadd16b0acc cec5f152-fd8b-9a9-9a9-c5e5c0e676cb 3aaf4ded-e0ec-31d-31d-efec2dbb3f8a b4804f85-ac57-2d2-2d2-f1c275fd8a0f 4a8cccf0-e0ea-eb7-eb7-beef48d34ff9 edaf0f77-a5b3-bdc-bdc-bdf3aac36bf5 66cef8f7-3be7-3c3-3c3-eefbb04d1f3d feeac7ae-bda4-476-476-bd68dd935701 a1f2a14d-2beb-390-390-71b7c8933ae7 18c00d8b-b6ba-66d-66d-bf1abff7564b 35c0a27b-cd0d-e5c-e5c-3277bdd93ed3 a2d15cc1-b785-5c2-5c2-7eeff43c1e3a etc. [rest of spam] ... perhaps a couple hundred lines of these random hex number sequences. These lines are almost certainly intended to avoid spam filtration. I have a couple of questions. * What's the nature of this style block (obviously not legit HTML styles)? Gibberish
SPAM message format, or not ?
I've been getting a lot of spams here with a format similar to: [snip] d171f2b7-af04-5a8-5a8-cee259c46b8f 9fc2adda-9160-c56-c56-feadd16b0acc cec5f152-fd8b-9a9-9a9-c5e5c0e676cb 3aaf4ded-e0ec-31d-31d-efec2dbb3f8a b4804f85-ac57-2d2-2d2-f1c275fd8a0f 4a8cccf0-e0ea-eb7-eb7-beef48d34ff9 edaf0f77-a5b3-bdc-bdc-bdf3aac36bf5 66cef8f7-3be7-3c3-3c3-eefbb04d1f3d feeac7ae-bda4-476-476-bd68dd935701 a1f2a14d-2beb-390-390-71b7c8933ae7 18c00d8b-b6ba-66d-66d-bf1abff7564b 35c0a27b-cd0d-e5c-e5c-3277bdd93ed3 a2d15cc1-b785-5c2-5c2-7eeff43c1e3a etc. [rest of spam] ... perhaps a couple hundred lines of these random hex number sequences. These lines are almost certainly intended to avoid spam filtration. I have a couple of questions. * What's the nature of this style block (obviously not legit HTML styles)? * Are there any characteristics of these emails which can be singled out for the purpose of blocking them? * Has anyone developed any rules to deal with these, either for SpamAssassin or any other filtering platform? I frequently just block IP addresses, however these come from amazonaws.com (Amazon) IP addresses, which may well overlap with legitimate amazon.com mail sources, so I'm looking for a way to block them with a finer tool. -- Lindsay Haisley | "The first casualty when FMP Computer Services | war comes is truth." 512-259-1190 | http://www.fmp.com| -- Hiram W Johnson