> Da: Chris Santerre [mailto:[EMAIL PROTECTED] > > > > I think that a SA plugin which resolves URIs would be enough: > > I received > > some of these spams, everyone containing a URI pointing to > > the very same web > No direct plugin, but URIBL will catch most of these fairly quickly. > Its not a new tactic, but has recently picked up on the spam runs. > Throw away domain names are on the rise this month. > > > host (124.0.208.235) also, the DNS server is: > > > > a) defined with two different names, but only one (again > > 124.0.208.235); > > > > b) the same of the web host in your case (in mines, it was a > > different one). > Pretty common. The whois info seems to match a pattern as well. > > > > By "black-listing" URI's host IPs, one could easily score > > high this kind of > > e-mails. Maybe there is also some RBL regarding web hosts, by > > the way. Is > > it? > > > > Such a plugin doesn't yet exists, anyway (or, at least, I > > don't know about > > it). > Again, no direct plugin for host IPs. You have to use URIBL and SURBL lookups. > But the time from initial spam run to being listed is pretty quick. The IP you > listed has been watched for over a month now. ;)
Yeah. I'm getting it from a couple of months. Are URIBL and RE taking any counter-actions, then? > Thanks, > Chris Santerre > SysAdmin and Spamfighter > www.rulesemporium.com > www.uribl.com Thank you, Chris. Giampaolo