2018-04-10 18:52 GMT-03:00 David Jones :
> On 04/10/2018 04:47 PM, Leandro wrote:
>
>> 2018-04-10 17:49 GMT-03:00 Motty Cruz > motty.c...@gmail.com>>:
>>
>> I apologize here is the email headers and body
>>
>> https://pastebin.com/bgXrfKa
2018-04-10 17:49 GMT-03:00 Motty Cruz :
> I apologize here is the email headers and body
>
> https://pastebin.com/bgXrfKaQ
You should not take this domain mrface.com seriously because it is a TLD
used for free dynamic IP service (changeip.com).
There is even a fake Windows Update domain in thi
2018-04-03 10:27 GMT-03:00 Leandro :
> Hey guys. We just created an URL signature algorithm to be able to query
> an entire URL at our URIBL:
>
> https://spfbl.net/en/uribl/
>
> Now we are able to blacklist any malicious shortener URL. Now I will think
> about some public co
>
> We just created an URL signature algorithm to be able to query an entire
> URL at our URIBL:
>
> https://spfbl.net/en/uribl/
>
> Now we are able to blacklist any malicious shortener URL
>
>
> Leandro,
>
> Thanks for all you do! And good luck with that. But
>
> > > Then the frequency is 10 per second, not 100ms. Querying more often
> > > is a higher frequency.
> >
> > That is it! 10 per second or one every 100ms. The first is a flow rate
> and
> > the second is a frequency.
>
> One every 100ms is a frequency, agreed.
>
> Two every 100ms is a higher fr
2018-04-03 11:57 GMT-03:00 Dianne Skoll :
> On Tue, 3 Apr 2018 11:09:38 -0300
> Leandro wrote:
>
> > This means, for example, your system do 10 queries at same second,
> > then the query frequency is 100ms.
>
> In SI units, frequency has the unit s^(-1) and perio
2018-04-03 11:35 GMT-03:00 RW :
> On Tue, 3 Apr 2018 11:09:38 -0300
> Leandro wrote:
>
> > 2018-04-03 10:34 GMT-03:00 Antony Stone <
> > antony.st...@spamassassin.open.source.it>:
>
> > > "IMPORTANT: Current limit is 100 ms per IP block. Lower fr
>
> > >
> > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies
> > > require contribution. Please contact us informing your IP or range, for
> > > further details."
> >
> > This means, for example, your system do 10 queries at same second, then
> the
> > query frequency is 100ms.
2018-04-03 10:34 GMT-03:00 Antony Stone <
antony.st...@spamassassin.open.source.it>:
> On Tuesday 03 April 2018 at 15:27:11, Leandro wrote:
>
> > Hey guys. We just created an URL signature algorithm to be able to query
> an
> > entire URL at our URIBL:
> >
>
some simple AI.
All you have to do now is implement a SA plugin to make this signature and
do the URIBL query.
Regards,
Leandro
SPFBL.net
2018-04-01 2:47 GMT-03:00 Pedro David Marco :
> This is a problem i see oftenly...
>
> what if the URL is only in the TEXT part and not in the HTML? many email
> aplications show those URLs as clickable as if they were valid HTML HREFs
> when they are not...
>
We have a script that can extract
>
> > I don't know how to extract mail addresses of body, using SA. But you can
> > query each mail address at our URIBL, like a hostname but using scape for
> > arroba:
> >
> > ubuntu@matrix:~$ host flinn.flexer\@runtriz.com.uribl.spfbl.net
> > flinn.flexer\@runtriz.com.uribl.spfbl.net has address
2018-03-16 22:28 GMT-03:00 Alex :
> Hi,
>
> wetransfer.com is being used to send links to PDF phishing documents.
> It's otherwise a trusted service, and there's really nothing in the
> body to indicate it's dangerous or any different than other legitimate
> uses for the same service.
>
> https://
2018-03-13 15:13 GMT-03:00 Olivier Coutu :
> In the last few months, we have seen an increase of generic emails (e.g.
> regarding unpaid invoices) being sent with links to infected legitimate
> websites hosting malware. This malware often comes in the form of docs with
> macros e.g. https://pasteb
>
> On 02.03.18 10:12, Leandro wrote:
>
>> If the spammer uses the same domain at rDNS, when rotating IPs, our system
>> will list each new IP at first DNSBL query.
>>
>
> do you verify synthetic rDNS too? when do you blacklist whole /64 ?
>
> I mean: t
2018-03-07 5:52 GMT-03:00 Sebastian Arcus :
>
> 6. The links they include in the body of the email are almost never
> flagged up either by Clam or Spamassassin - and they point to a different
> domain in every single message.
>
Although they use multiple domains in the URLs at body, many of these
2018-03-05 11:12 GMT-03:00 Pedro David Marco :
> >Hiding an executable with a .jpg extension doesn't sound like a very
> >useful technique. The user would have to save the file, edit the file
> >name and then run it.
>
> I have seen spam with instructions like this... and you can bet some user
>
2018-03-03 23:21 GMT-03:00 Alex :
> Hi,
>
> I'm curious what people use to avoid malware executable being bypassed
> because their extensions are typically associated with file types that
> are not normally executable?
>
> https://twitter.com/jepayneMSFT/status/969742842410094593
>
> Do you just r
2018-03-02 10:08 GMT-03:00 Matus UHLAR - fantomas :
> On 02.03.18 09:58, Leandro wrote:
>
>> Hi Danilele! Our DNSBL works with individual /128 IPv6 addresses:
>>
>> http://spfbl.net/en/dnsbl/
>>
>> Even if the provider is offering less then /64 to customers, ou
.
Regards,
Leandro
SPFBL.net
2018-03-02 8:54 GMT-03:00 Daniele Duca :
> Hello list,
>
> apologies if this is not directly SA related. "Lately" I've started to
> notice that some (not saying names) VPS providers, when offering v6
> connectivity, sometimes tends to n
2018-02-27 9:03 GMT-03:00 Rob McEwen :
> On 2/26/2018 1:00 PM, Kevin A. McGrail wrote:
>
> DecodeShortURLs has been on my list of must-have plugins for years, so
> I was a little surprised it took so long for someone to mention it
> in this thread.
>
> Yeah, my firm is going to look at subsidizing
2018-02-26 10:41 GMT-03:00 Dianne Skoll :
> On Mon, 26 Feb 2018 00:07:54 -0600 (CST)
> David B Funk wrote:
>
> > So my bet is that the spammers are crafty enough to check things like
> > browser referrer, cookies, etc to detect/differentiate a browser vs a
> > link-checker.
>
> Yep. You need to
2018-02-26 3:07 GMT-03:00 David B Funk :
>
> Just be careful how you do that "expand redirections until no more
> redirections" or you may get caught in a spammer trap.
>
> If you're going thru a professional redirect site like goo.gl or bit.ly
> you're probably pretty safe but if it's a dedicated
How I unsubscribe this list ?!
- Original Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 13, 2005 6:34 AM
Subject: Re: Spam Assasin rule details
Blake, there is a perhaps annoying but effective option you can take.
Try running up three or four SpamAssassin c
How I can unsubscribe this list ?!
- Original Message -
From: "mouss" <[EMAIL PROTECTED]>
To: "Matt Kettler" <[EMAIL PROTECTED]>
Cc:
Sent: Wednesday, October 12, 2005 10:46 AM
Subject: Re: AWL annoyance
Matt Kettler a écrit :
mouss wrote:
some spams use the recipient address as
(excluse me for my bad english)
I receive spam mails with missing from.
subject: variable
body: empty
but I wan´t mark as spam mails with empty body.
Leandro.
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "jplesset" <[EMAIL PROTEC
How can I mark as spam mails with missing "From"
?
Thanks.
Leandro LATTANZIO.
27 matches
Mail list logo