Re: exploitable LinkedIn forwarder/whatever

2016-05-17 Thread A. Schulze
Chip M.: *** Does anyone have a contact at LinkedIn ops? *** I informed LinkedIn and was asked to send the following response on behalf of Franck Martin: This email was not sent by Linkedin. Linkedin uses several lists to ensure the redirection does not end up to a known bad site. In

exploitable LinkedIn forwarder/whatever

2016-05-17 Thread Chip M.
Spotted a new exploited forwarder of some sort at LinkedIn - full spample: http://puffin.net/software/spam/samples/0041_linked_forward.txt Except for the munged "To" and "From" email addresses, that's the pristine network image. It came From a known friend at "swbell", who normally sends t

Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)

2016-05-17 Thread Dianne Skoll
On Tue, 17 May 2016 21:42:15 +0200 Reindl Harald wrote: > discuss that with the pople of SOBRS Aren't we just a ray of fucking sunshine? Luckily, I have http://search.cpan.org/~dskoll/Mail-ThreadKiller/ to help me out. Regards, Dianne.

Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)

2016-05-17 Thread Reindl Harald
Am 17.05.2016 um 20:19 schrieb Dianne Skoll: On Tue, 17 May 2016 18:50:29 +0200 Reindl Harald wrote: NOBODY is talking about BACKLIST short TTL it's all about de-listing when you got blacklisted for good reasons IMO, the TTL is a completely irrelevant factor when considering whether or no

Re: Reporting gmail spam to Google

2016-05-17 Thread Reindl Harald
Am 17.05.2016 um 20:30 schrieb Matus UHLAR - fantomas: On 17.05.16 09:10, Marc Perkel wrote: Is there any address that I can forward gmail spam to google for reporting? ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?) and you

Re: Reporting gmail spam to Google

2016-05-17 Thread Matus UHLAR - fantomas
On 17.05.16 09:10, Marc Perkel wrote: Is there any address that I can forward gmail spam to google for reporting? ab...@google.com should be the address (the mail was delivered to your network by *.google.com host, wasn't it?) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.s

Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)

2016-05-17 Thread Dianne Skoll
On Tue, 17 May 2016 18:50:29 +0200 Reindl Harald wrote: > >> NOBODY is talking about BACKLIST short TTL > >> it's all about de-listing when you got blacklisted for good reasons > > IMO, the TTL is a completely irrelevant factor when considering > > whether or not to blacklist an IP. I do not be

Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)

2016-05-17 Thread Reindl Harald
Am 17.05.2016 um 17:25 schrieb Dianne Skoll: On Tue, 17 May 2016 17:14:37 +0200 Reindl Harald wrote: NOBODY is talking about BACKLIST short TTL it's all about de-listing when you got blacklisted for good reasons IMO, the TTL is a completely irrelevant factor when considering whether or not

Re: Reporting gmail spam to Google

2016-05-17 Thread John Hardin
On Tue, 17 May 2016, Marc Perkel wrote: Is there any address that I can forward gmail spam to google for reporting? Theoretically -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E7

Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)

2016-05-17 Thread Bill Cole
On 16 May 2016, at 10:24, jdebert wrote: On Mon, 16 May 2016 12:25:10 +0100 Dominic Benson wrote: Accepting that not all ISPs are as helpful as they might be, I can't easily think of a legitimate reason for needing the TTL on the PTR of a mail server to be small, so if a blacklist operator f

Reporting gmail spam to Google

2016-05-17 Thread Marc Perkel
Is there any address that I can forward gmail spam to google for reporting? -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400

Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)

2016-05-17 Thread Dianne Skoll
On Tue, 17 May 2016 17:14:37 +0200 Reindl Harald wrote: > NOBODY is talking about BACKLIST short TTL > it's all about de-listing when you got blacklisted for good reasons IMO, the TTL is a completely irrelevant factor when considering whether or not to blacklist an IP. I do not believe there's

Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)

2016-05-17 Thread Reindl Harald
Am 16.05.2016 um 16:24 schrieb jdebert: On Mon, 16 May 2016 12:25:10 +0100 Dominic Benson wrote: Accepting that not all ISPs are as helpful as they might be, I can't easily think of a legitimate reason for needing the TTL on the PTR of a mail server to be small, so if a blacklist operator f

Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)

2016-05-17 Thread jdebert
On Mon, 16 May 2016 12:25:10 +0100 Dominic Benson wrote: >> Accepting that not all ISPs are as helpful as they might be, I can't > easily think of a legitimate reason for needing the TTL on the PTR of > a mail server to be small, so if a blacklist operator finds it an > effective way to manage re

Re: FSL_HELO_HOME FPs

2016-05-17 Thread RW
On Mon, 16 May 2016 21:28:40 -0400 Alex wrote: > I've seen a significant number of FSL_HELO_BARE_IP_2 also hitting a > lot of ham, and just wanted to make sure, with such a high score, it > was also not FP prone... Is that recently? Before February there was a bug that caused most of what should

Re: FSL_HELO_HOME FPs

2016-05-17 Thread Reindl Harald
Am 17.05.2016 um 03:28 schrieb Alex: Hi, On Mon, May 16, 2016 at 9:15 AM, RW wrote: On Sun, 15 May 2016 20:58:41 -0700 (PDT) John Hardin wrote: On Sun, 15 May 2016, Alex wrote: Is that score really warranted? For example: Received: from host82.torus.pl (91.209.116.82) (HELO [192.168.20.