Pete, One of these was EarthLink [207.217.120.227], and one of these was Google Mail [64.233.166.182].
SpamBag lists the EarthLink address as a source of bogus bounces, and I posit that this would be the source of the mail to the spamtraps that would trigger the F001 bot. I would like to state that I don't need Message Sniffer to identify servers that send bogus postmaster notifications. This would be entirely due to false positives such as the three examples above. Given that spammers clearly recycle their email database as a fake-mailfrom database, any spamtrap address will get bogus bounces and therefore, the spamtraps will flag legitimate senders' IP addresses in Rule 63. I don't expect nor want you to discuss the details of the spamtraps as the point of one class of your spamtraps is that their methods are secret. However, Matt has described a subset of the filters various Decluders have used to filter out postmaster bounces and other reflected noise, and I can certainly chip in on that conversation offline. Andrew. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Monday, March 06, 2006 3:18 PM > To: Darin Cox > Subject: Re[2]: [sniffer] New Rulebot F001 > > On Monday, March 6, 2006, 3:42:50 PM, Darin wrote: > > DC> We just reviewed this morning's logs and had a few false > positives. > DC> Not sure if these are due to the new rulebot, but it's more than > DC> we've had for the entire day for the past month. > > DC> Rules > DC> ---------- > DC> 873261 > DC> 866398 > DC> 856734 > DC> 284831 > DC> 865663 > > Three of these are from F001 and have been removed. > > 865663 - http://www.dnsstuff.com/tools/ip4r.ch?ip=64.233.166.182 > http://www.dnsstuff.com/tools/ptr.ch?ip=64.233.166.182 > > 856734 - http://www.dnsstuff.com/tools/ip4r.ch?ip=64.249.82.200 > http://www.dnsstuff.com/tools/ptr.ch?ip=64.249.82.200 > > 873261 - http://www.dnsstuff.com/tools/ip4r.ch?ip=207.217.120.227 > http://www.dnsstuff.com/tools/ptr.ch?ip=207.217.120.227 > > > I haven't yet processed the fps, only looked up the rules. > > There are currently 32820 rules authored by the F001 bot. > > Hope this helps, > > _M > > > > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
