In article [EMAIL PROTECTED], John Rudd [EMAIL PROTECTED]
writes
I'm _highly_ skeptical that emailebay.com has anything to do with ebay.com.
Registrant:
eBay Inc.
2145 Hamilton Avenue
San Jose, CA 95125
US
Domain name: EMAILEBAY.COM
Registrar of Record: TUCOWS, INC.
Record last updated
You didn't read what I actually said.
I didn't say the domain didn't look right. I said the IP address
registration didn't look right.
nslookup ebay.com
Name: ebay.com
Address: 66.135.192.87
whois 66.135.192.87
OrgName:eBay, Inc
OrgID: EBAY
Address:
R Lists06 wrote:
Looks quite a bit different to me.
Not really
Do a
dig -x 216.33.156.118
then do a dig -x 216.33.157.1
notice my simple change
and see that it appears that it just hasn't been swip'd yet
I'm not sure what your point is. Yes, the latter tells you that the PTR
Someone, quite probably John Rudd, once wrote:
Kevin Golding wrote:
In article [EMAIL PROTECTED], John Rudd [EMAIL PROTECTED]
writes
I'm _highly_ skeptical that emailebay.com has anything to do with ebay.com.
Registrant:
eBay Inc.
2145 Hamilton Avenue
San Jose, CA 95125
US
Domain
Maybe they're better suited to one of the other lists such as spam-l?
Mr Michele Neylon
Blacknight Solutions
Hosting Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Michele Neylon :: Blacknight wrote:
Maybe they're better suited to one of the other lists such as spam-l?
May I suggest news.admin.net-abuse.email
--
Andreas
Phil Barnett wrote:
On Tuesday 12 December 2006 07:28, JamesDR wrote:
There is nothing in SPF to keep a spammer with a botnet from putting
0.0.0.0/0 as their approved domain limit.
Sounds like a good spam sign to me. Let the spammers put 0.0.0.0/0 in
their spf records, I'll pop in 3 points for
JamesDR wrote:
Even better. If they give me a giant subnet of SPF records, I know
exactly what IP's I don't want connecting to my mail server. If a
spammer sends a spam from a subnet, passes SPF. I will and have gone,
looked at their record and blocked what they say is 'allowed' to send me
James Davis wrote:
JamesDR wrote:
Even better. If they give me a giant subnet of SPF records, I know
exactly what IP's I don't want connecting to my mail server. If a
spammer sends a spam from a subnet, passes SPF. I will and have gone,
looked at their record and blocked what they say is
On Wed, Dec 13, 2006 at 10:43:40AM -0500, JamesDR wrote:
accept the mail from forged addresses, I don't know. I'm making the
point that -- if a spammer says hey, these bots are allowed to send
spam for my domain then you know right away who to block. Even if it is
The issue is that SPF only
JamesDR wrote:
Phil Barnett wrote:
On Tuesday 12 December 2006 07:28, JamesDR wrote:
There is nothing in SPF to keep a spammer with a botnet from putting
0.0.0.0/0 as their approved domain limit.
Sounds like a good spam sign to me. Let the spammers put 0.0.0.0/0 in
their spf records, I'll pop
On Wed, 13 Dec 2006, JamesDR wrote:
Bot masters can easily set up SPF addresses that will encompass giant
subnets
of bots. You'll never know where to draw the line.
Even better. If they give me a giant subnet of SPF records, I know
exactly what IP's I don't want connecting to my mail
John D. Hardin wrote:
What if they include the subnet containing AOL's outbound MX hosts?
Waitaminit, bad example...
:-D
What if they include the subnet containing Apache's outbound MX hosts?
As I said before, score on the total number of the hosts matched by
the SPF record. Anything
Well, I have a simple plan. Spammers are inherently greedy,
right? Why not offer a $25k-$25mil a head bounty on any spammer captured
and brought to justice? Even if we can't convict them on crimes of
spamming, we can certainly get them on fraud and other things. There's
plenty of
Duncan Hill wrote:
On Monday 11 December 2006 16:16, John Rudd wrote:
Duncan Hill wrote:
I just finished a very quick test of the Botnet tool, and the sheer
number of FPs against eBy mail coming from eBay's servers was staggering
- literally every single mail from eBay. It also, for my
Steve Thomas wrote:
Once again, Perkel clutters the SpamAssassin list with a non-SpamAssassin
discussion. One which, IIRC, he's just rehashing from a year or so ago
(are we going to see a rehash of the the future of email storage is sql
thread, too?). There are FAR more appropriate forums for
Steve Thomas wrote:
Once again, Perkel clutters the SpamAssassin list with a non-SpamAssassin
discussion. ...Is anyone else getting tired of this? ...have nothing to do
with SA. What's the point of having a
topical mailing list if nobody cares that the discussion is off-topic?
Dhawal wrote:
On Tuesday, December 12, 2006, 12:29:26 AM, Rob McEwen wrote:
It is just these types of
discussions which led to things like SURBL and fuzzyOCR.
In the interests of preserving some history, SURBLs were not
created as a result of discussions here. We created SURBLs
concurrently with Eric Kolve
Phil Barnett wrote:
On Monday 11 December 2006 16:50, JamesDR wrote:
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't work, nothing will.
There is nothing in SPF to keep a spammer
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 12, 2006 6:49 AM
To: Rob McEwen
Cc: users@spamassassin.apache.org
Subject: Re: Filtering THIS list (Re: Breaking up the Bot army - we need a
plan)
On Tuesday, December 12, 2006, 12:29:26 AM, Rob McEwen wrote:
It is just these types of
discussions
Jeff Chan wrote:
On Tuesday, December 12, 2006, 12:29:26 AM, Rob McEwen wrote:
It is just these types of
discussions which led to things like SURBL and fuzzyOCR.
In the interests of preserving some history, SURBLs were not
created as a result of discussions here. We created SURBLs
Dhawal said:
Also from my limited memory, a fuzzyocr like implementation existed on
antispan.imp.ch long before it was discussed on the sa-users list.
Someone can correct me if this is incorrect information.
And, like SURBL, regardless of the official origin of the idea, I know for a
fact that
Rob McEwen wrote:
Dhawal said:
Also from my limited memory, a fuzzyocr like implementation existed on
antispan.imp.ch long before it was discussed on the sa-users list.
Someone can correct me if this is incorrect information.
And, like SURBL, regardless of the official origin of the idea, I
Rob McEwen wrote:
Steve Thomas wrote:
Once again, Perkel clutters the SpamAssassin list with a non-SpamAssassin
discussion. ...Is anyone else getting tired of this? ...have nothing to do
with SA. What's the point of having a
topical mailing list if nobody cares that the discussion is
JamesDR wrote:
Phil Barnett wrote:
On Monday 11 December 2006 16:50, JamesDR wrote:
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't work, nothing will.
There is nothing in SPF
On Tuesday 12 December 2006 07:28, JamesDR wrote:
There is nothing in SPF to keep a spammer with a botnet from putting
0.0.0.0/0 as their approved domain limit.
Sounds like a good spam sign to me. Let the spammers put 0.0.0.0/0 in
their spf records, I'll pop in 3 points for good measure.
On Tuesday, December 12, 2006, 5:52:33 AM, Dhawal Doshy wrote:
I am not against off-topic discussions (and also indulge in a few when
appropriate), what i am tired of is 'Perkel', have a look at some of the
threads started by him..
Breaking up the Bot army - we need a plan
Who wants my spam
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Monday, December 11, 2006 8:49 AM
To: users@spamassassin.apache.org
Subject: Breaking up the Bot army - we need a plan
We can talk about other things but I'll stop here to focus on
the bot army.
I think you
On Monday 11 December 2006 15:57, Duncan, Brian M. wrote:
ISP's client address). The places I've been using it, and the people I
hear about who are using it, have seen a high degree of success.
It can be downloaded from:
http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar
I just
Duncan Hill wrote:
On Monday 11 December 2006 15:57, Duncan, Brian M. wrote:
ISP's client address). The places I've been using it, and the people I
hear about who are using it, have seen a high degree of success.
It can be downloaded from:
On Mon, 11 Dec 2006, Duncan, Brian M. wrote:
From: Marc Perkel [mailto:[EMAIL PROTECTED]
We can talk about other things but I'll stop here to focus on
the bot army.
I think you are preaching to the wrong crowd.
If you want to help lower your Spam from botnets look into the
botnet
On Monday 11 December 2006 16:16, John Rudd wrote:
Duncan Hill wrote:
I just finished a very quick test of the Botnet tool, and the sheer
number of FPs against eBy mail coming from eBay's servers was staggering
- literally every single mail from eBay. It also, for my testing, hit on
a
Again I think you are preaching to the wrong crowd.
No offense meant.
Please distinguish between filtering spam (a solution that
keeps spam out of your mailbox) and changing the protocols
and/or ISP behavior to make spamming more difficult (a
solution which keeps spam off the wire in the
Duncan Hill wrote:
On Monday 11 December 2006 16:16, John Rudd wrote:
Duncan Hill wrote:
I just finished a very quick test of the Botnet tool, and the sheer
number of FPs against eBy mail coming from eBay's servers was staggering
- literally every single mail from eBay. It also, for my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marc Perkel wrote:
How do we isolate
end users so that they can't get viruses as easily and spread them as
easily?
That would seem to be the job of filters, either upstream from the
end-users or installed on their computers. Upstream solutions
John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and provides so service from home. So
I would not want to be prohibited from running an email server from
home. But if I had to got to a web panel that my ISP provided to open
up ports that would be fine with me.
I'm
From: John Rudd [mailto:[EMAIL PROTECTED]
Marc Perkel wrote:
I'm someone who works from home and
provides so service from home. So I would not want to be
prohibited from
running an email server from home. But if I had to got to a web panel
that my ISP provided to open up ports that
Matthias Keller wrote:
John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and provides so service from home. So
I would not want to be prohibited from running an email server from
home. But if I had to got to a web panel that my ISP provided to open
up ports that would be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matthias Keller wrote:
And just closing port 25 outgoing wont help for long as spammers just
switch to submission port
Yes, but the point of using a submission port to segregate the traffic
channels is not to obfuscate things for spammers, it's to
On Mon, 11 Dec 2006, John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and
provides so service from home. So I would not want to be prohibited from
running an email server from home. But if I had to got to a web panel
that my ISP provided to open up ports that would
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our outgoing
email be channeled through our ISP's mail server, instead of having
our customer-assigned IP addresses
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
Since when? If I rejected mail on that condition I would never have
received your message.
Daryl
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our outgoing
email be channeled through our ISP's mail server, instead of having
our customer-assigned
John D. Hardin wrote:
On Mon, 11 Dec 2006, John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and
provides so service from home. So I would not want to be prohibited from
running an email server from home. But if I had to got to a web panel
that my ISP provided to open up
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daryl C. W. O'Shea wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
Since when? If I rejected mail on
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
There are two things that are wrong with that statement.
1) MX records are a good idea, not an absolute
Matthias Keller wrote:
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our
outgoing email be channeled through our ISP's mail server, instead
of having
so what is wrong with a MTA that
- checks helo and just takes a note
- accepts smtp auth, if provided (and erases bad notes from the helo in that
case)
- accepts an optional second helo after the auth and discards it
- accepts mail from and rcpt to
... and at the first rcpt to issues a 5xx if the
Robert LeBlanc wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daryl C. W. O'Shea wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
Since when? If I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
There are two things that are wrong with that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daryl C. W. O'Shea wrote:
You said that if you're only expecting
mail from non-local domains (MX-to-MX) on port 25 you can reject hosts
if they don't have an MX record. That's not true and that's what I said.
As I conceded in another post a few
Robert LeBlanc wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
There are two things that
JamesDR wrote:
SPF already does this
poorly.
We need something that actually works.
Robert LeBlanc wrote:
My mistake, then; thanks for the clarification. I suppose what we
need, then, is something like a TX record for helping to identify
outbound mail servers.
That already exists. It's called SPF.
--
Bowie
John Rudd wrote:
JamesDR wrote:
SPF already does this
poorly.
We need something that actually works.
And what would you do differently? An SPF record is basically just a list
of valid mail servers for a domain plus a bit of information about how
strict the domain wants to be
On Mon, 11 Dec 2006, Matthias Keller wrote:
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
And forcing users to use their ISP's mail server efficively defeats SPF
How so?
I'm assuming a home business owner owns and uses their own domain and
has the ability
On Mon, 11 Dec 2006, John Rudd wrote:
Think open relay. The ISP mailserver should only be accepting mail
*from* their domain or *to* their domain. Mail from and to domains
they don't own should be blocked.
I think you're mis-stating this.
1) Being an open relay isn't about accepting
On Mon, 11 Dec 2006, Robert LeBlanc wrote:
My mistake, then; thanks for the clarification. I suppose what we
need, then, is something like a TX record for helping to
identify outbound mail servers.
SPF
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL
On Mon, 11 Dec 2006, Marc Perkel wrote:
All outgoing email from consumers should by default be required to
use authenticated SMTP or some new authenticated protocol.
Unfortunately this is defeated by a Remember this password? option
in the mail client. A bot can easily retrieve the
John Rudd wrote:
JamesDR wrote:
SPF already does this
poorly.
We need something that actually works.
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't work, nothing
John D. Hardin wrote:
On Mon, 11 Dec 2006, Marc Perkel wrote:
All outgoing email from consumers should by default be required to
use authenticated SMTP or some new authenticated protocol.
Unfortunately this is defeated by a Remember this password? option
in the mail client. A bot can easily
Matthias Keller wrote:
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our
outgoing email be channeled through our ISP's mail server, instead
of having
JamesDR wrote:
John Rudd wrote:
JamesDR wrote:
SPF already does this
poorly.
We need something that actually works.
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't
On Mon, 11 Dec 2006, John Rudd wrote:
I look up the SPF record for foo.com. It says: +all
...so the SPF spec has some holes that permit abuse. Tighten the spec
my prohibiting +all and +0.0.0.0/1 +8.0.0.0/1 and similar nonsense,
and/or modify SPF client implementations to place an upper limit
In my above example, SPF did nothing useful. And, my example shows
exactly why SPF does not help at all with the spambot
problem. If I'm a
spambot wrangler, I create a group of throw-away domains, put in SPF
records for them that say +all, and then send out my storm of spam.
Then I
On Mon, 2006-12-11 at 14:41 -0800, Bret Miller wrote:
took me almost 2 months to get all the issues straightened out after we
moved and changed ISPs. Everything's an extra cost option. But I have
a nice list now, so next time they all get negotiated as included
before we sign the contract.
John D. Hardin wrote:
This doesn't mean SPF is crap.
As SPF currently exists, it is crap.
On Monday 11 December 2006 16:50, JamesDR wrote:
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't work, nothing will.
There is nothing in SPF to keep a spammer with a botnet from
On Mon, 11 Dec 2006, Bret Miller wrote:
OTOH, I can see where a spammer could easily register a bunch of
domains, and then update the SPF records to include the specific
spambots that are delivering e-mail from each domain.
That's not a problem. That means you can with high confidence toss
John Rudd wrote:
a) if you're big, have reverse DNS that works, looks like a server, and
doesn't look like a client (ie. the things Botnet looks for).
b) if you're small:
i) try to get your ISP to do the right thing (above) with your
reverse DNS, or
ii) get a hosted service that does
From: news [mailto:[EMAIL PROTECTED] Behalf Of Mark Nienberg
I think the false positives are coming almost entirely from small
businesses running
an in-house exchange server. I also think that a lot of them use
a filtering service
like postini in front of their exchange machine,
Once again, Perkel clutters the SpamAssassin list with a non-SpamAssassin
discussion. One which, IIRC, he's just rehashing from a year or so ago
(are we going to see a rehash of the the future of email storage is sql
thread, too?). There are FAR more appropriate forums for these non-SA
related
Am Montag, 11. Dezember 2006 23:41 schrieb Bret Miller:
So perhaps SPF should consider removing +all as an option.
Realisticly anyone that has to say my e-mail might come from
anywhere is contributing to the problem and probably deserves to
have e-mail bounced.
sounds like a possible SA
Am Dienstag, 12. Dezember 2006 05:09 schrieb Steve Thomas:
Is anyone else getting tired of this? Forty eight messages on the
SA list today that have nothing to do with SA. What's the point of
having a topical mailing list if nobody cares that the discussion
is off-topic?
if you're so opposed
74 matches
Mail list logo
