On 18/07/2018 17:08, Rupert Gallagher wrote:
OK at a second glance I would say rejected upfront again, because
its From domain is NXDOMAIN.
I interpreted the From: in the .txt as being a body header, because, as
you pointed out, if it was an envelope header then the email should have
never
OK at a second glance I would say rejected upfront again, because its From
domain is NXDOMAIN.
On Wed, Jul 18, 2018 at 14:34, Daniele Duca wrote:
> On 18/07/2018 14:22, Rupert Gallagher wrote:
>
>> At first glance I would say rejected upfront, because the client
>> 180.252.178.204 does not
On 18/07/2018 14:22, Rupert Gallagher wrote:
At first glance I would say rejected upfront, because the client
180.252.178.204 does not have RDNS. No need for SA.
I wish I could 5xx last untrusted relays without rdns without having the
company's phones melt :)
Daniele
At first glance I would say rejected upfront, because the client
180.252.178.204 does not have RDNS. No need for SA.
On Wed, Jul 18, 2018 at 02:00, Chip M. wrote:
> http://puffin.net/software/spam/samples/0058_extortion_numeric_domain.txt
On Wednesday, July 18, 2018, 6:58:54 AM GMT+2, Bill Cole
wrote:
>> 3. Pure numeric TLDs appear to be non existent (so far!)
>I expect that this will hold true for a long time.
Bill, do not speak loud! truth is stranger than fiction :-(
---PedroD
And in addition...
On 17 Jul 2018, at 20:00 (-0400), Chip M. wrote:
> 3. Pure numeric TLDs appear to be non existent (so far!)
I expect that this will hold true for a long time.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com
On 17 Jul 2018, at 20:00 (-0400), Chip M. wrote:
There's a new morph of the porn extortion campaign, with some
interesting under-the-hood changes.
The previous ones were always:
- two "quoted-printable" parts (plain text, html)
- "From" Outlook accounts
- sent via Outlook/Hotmail/MS IPs (no
On Tue, 17 Jul 2018, John Hardin wrote:
On Tue, 18 Jul 2018, Chip M. wrote:
Here's the SA test stats for 13 of this new morph:
FORGED_MUA_MOZILLA 1
HTML_MESSAGE 13
HTML_MIME_NO_HTML_TAG 13
LOCALPART_IN_SUBJECT 13
MIME_BASE64_TEXT9
On Tue, 18 Jul 2018, Chip M. wrote:
Here's the SA test stats for 13 of this new morph:
FORGED_MUA_MOZILLA 1
HTML_MESSAGE 13
HTML_MIME_NO_HTML_TAG 13
LOCALPART_IN_SUBJECT 13
MIME_BASE64_TEXT9
MIME_HTML_ONLY 13
RCVD_IN_SORBS_DUL
On Tue, 18 Jul 2018, Chip M. wrote:
Here's the SA test stats for 13 of this new morph:
FORGED_MUA_MOZILLA 1
HTML_MESSAGE 13
HTML_MIME_NO_HTML_TAG 13
LOCALPART_IN_SUBJECT 13
MIME_BASE64_TEXT9
MIME_HTML_ONLY 13
RCVD_IN_SORBS_DUL
There's a new morph of the porn extortion campaign, with some
interesting under-the-hood changes.
The previous ones were always:
- two "quoted-printable" parts (plain text, html)
- "From" Outlook accounts
- sent via Outlook/Hotmail/MS IPs (no other IPs in route)
- passed both DKIM and SPF
The
11 matches
Mail list logo