Michael Scheidell wrote:
#2, hallmark ITSELF has broken spf records (componds the problem)
That IS the problem as I understand it. It appears that Hallmark has
made a legitimate effort to publish an accurate SPF record identifying
their systems. Unfortunately the record is unnecessarily to
> -Original Message-
> From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 04, 2007 4:08 AM
> To: users@spamassassin.apache.org
> Subject: Re: hallmark greeting card spam and broken spf records.
>
>
> > On Friday 03 August 20
> On Friday 03 August 2007, Michael Scheidell wrote:
> > (yes, spf is broken) especially when companies like hallmark, who know
> > they are being used as 'phishing' targets list the whole world as
> > authoritative mail servers.
That does not mean "spf is broken". MX is not broken when someone se
> On Fri, Aug 03, 2007 at 11:17:30PM +0200, Matus UHLAR - fantomas wrote:
> > also, not everyone is using SARE rules, and I think that until SA devels
> > won't trust them to include them into SA, many admins will not install them.
On 03.08.07 18:14, Theo Van Dinter wrote:
> fwiw, it has nothing t
On Friday 03 August 2007, Michael Scheidell wrote:
> (yes, spf is broken) especially when companies like hallmark, who know
> they are being used as 'phishing' targets list the whole world as
> authoritative mail servers.
>
> I say damn them all, blacklist hallmark till they at least fix their spf
On Fri, Aug 03, 2007 at 11:17:30PM +0200, Matus UHLAR - fantomas wrote:
> also, not everyone is using SARE rules, and I think that until SA devels
> won't trust them to include them into SA, many admins will not install them.
fwiw, it has nothing to do with trust. SA (and all the rules, etc,)
are
> -Original Message-
> From: McDonald, Dan [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 03, 2007 2:45 PM
> To: users@spamassassin.apache.org
> Subject: Re: hallmark greeting card spam and broken spf records.
>
> On Fri, 2007-08-03 at 13:26 -0400, Michael Sche
> Rocco Scappatura schrieb:
> >It is possible to block the spam sent by GreetingCards.com which invites
> >the receiver to access an URL and browse the ecard?
> >
> >I mean that spam which has subject similar to:
> >
> >You've received a greeting ecard from a Colleague!
On 03.08.07 17:51, arni wro
On Fri, 3 Aug 2007, Michael Schout wrote:
> Here is my rule that traps them. I have not seen any get through
> after this:
>
> body LOCAL_POSTCARD_URL m'http://\d+\.\d+\.\d+\.\d+/\?[0-9a-f]{8,}'
> describe LOCAL_POSTCARD_URL Body contains postcard scam url
> scoreLOCAL_POSTCARD_URL 3.
On Fri, 3 Aug 2007, Michael Scheidell wrote:
> Subject: [SPAM]You have recieved a Hallmark E-Card !
http://www.impsec.org/~jhardin/antispam/postcards.cf has been updated
for this subject line, and also for some new domain names.
--
John Hardin KA7OHZhttp://www.impsec.org/~j
On Fri, 2007-08-03 at 13:26 -0400, Michael Scheidell wrote:
> (yes, spf is broken) especially when companies like hallmark, who know
> they are being used as 'phishing' targets list the whole world as
> authoritative mail servers.
>
> I say damn them all, blacklist hallmark till they at least fi
(yes, spf is broken) especially when companies like hallmark, who know
they are being used as 'phishing' targets list the whole world as
authoritative mail servers.
I say damn them all, blacklist hallmark till they at least fix their spf
records: (i suspect its the :12" "9 )? shb a period?
o
Rocco Scappatura schrieb:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
BR,
rocsca
I really dont understand (o
Duane Hill wrote:
> There is already a test SA does for a dotted-decimal IP in a URL:
Yeah, I was afraid of false positives by raising the score of that rule.
So I made my own rule that only matches these specific urls (with the
MD5 sum) instead.
Regards,
Michael Schout
On Fri, 3 Aug 2007 at 08:03 -0500, [EMAIL PROTECTED] confabulated:
Rocco Scappatura wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
All of the ones I have received have a url with a numeric ip, followed
by usu
Rocco Scappatura wrote:
> It is possible to block the spam sent by GreetingCards.com which invites
> the receiver to access an URL and browse the ecard?
All of the ones I have received have a url with a numeric ip, followed
by usually a 32 character string in the url (MD5 hash?).
Here is my rule
Rocco Scappatura escribió:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
BR,
rocsca
I asked something about c
Rocco wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
Hi Rocco,
those I looked at all had a numeric ip in the ur
On Tue, Jul 31, 2007 at 10:03:30AM +0200, Rocco Scappatura wrote:
> It is possible to block the spam sent by GreetingCards.com which invites
> the receiver to access an URL and browse the ecard?
>
> I mean that spam which has subject similar to:
>
> You've received a greeting ecard from a Colleag
On Tuesday 31 July 2007, Rocco Scappatura wrote:
> It is possible to block the spam sent by GreetingCards.com which invites
> the receiver to access an URL and browse the ecard?
>
> I mean that spam which has subject similar to:
>
> You've received a greeting ecard from a Colleague!
Mine stops it
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
BR,
rocsca
21 matches
Mail list logo