Henrik K wrote:
On Sun, Jun 29, 2008 at 11:37:13PM -0700, Marc Perkel wrote:
I'd like to suggest an additional feature for the freemail plugin. If
you test the sending host through FCrDNS and determine that the sending
host is a freemail hostname (like google.com) then you should consider
it a freemail sender. Thus if the sending host is Google, but the
reply-to or an email address inside the message is yahoo, it's probably
spam.
Interesting idea, but google.com is not a freemail hostname (not used by
users). So this would require a list of domains belonging to a certain rdns
(for example, google.com -> gmail.com,googlemail.com). I guess it could be
made for the few biggest hosters at least. I'll have a look..
The idea is that a lot of fraud and phishing comes through the big
hosting providers like google, hotmail, and yahoo where they use the
same servers as legitimate email, so that you can't tell anything based
on the IP or do any kind of IP based blocking.
Keep in mind that spam always wants you to do something and in this kind
of spam they want you to reply to the email or reply to the address
within the message. They use a different reply to because the source is
often quickly shut down due to spamming. But the spammer changes sources
and preserves the reply-to so they can get responses long after being
shut down. But this is what gives them away.
I think we should put together a blacklist of embedded email addresses
and addresses spammers use to receive spam.
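
The check discussed in this thread, sketched in Python as an added example (not the FreeMail plugin's code and not written by either poster): confirm the relay with FCrDNS, map its rDNS domain to the freemail domains it serves, then report freemail domains in Reply-To or the body that belong to a different provider. The function names, the yahoo.com and hotmail.com table entries and the sample message are assumptions; DNS lookups are passed in as callables so the block runs offline.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed map: relay rDNS domain -> freemail domains that relay serves.
# Only the google.com entry comes from the thread; the others are illustrative.
RDNS_TO_FREEMAIL = {
    "google.com": {"gmail.com", "googlemail.com"},
    "yahoo.com": {"yahoo.com"},
    "hotmail.com": {"hotmail.com"},
}
ALL_FREEMAIL = set().union(*RDNS_TO_FREEMAIL.values())
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample data: DNS answers (documentation IP) and one message.
PTR = {"192.0.2.10": ["mail-out.google.com."]}
A = {"mail-out.google.com.": ["192.0.2.10"]}
SAMPLE = ("From: Some Name <claims@gmail.com>\n"
          "Reply-To: agent@yahoo.com\n"
          "Subject: hello\n\n"
          "Contact our office at office@hotmail.com today.\n")

def fcrdns_name(ip, ptr_lookup, a_lookup):
    """Return a PTR name of ip that forward-resolves back to ip, else None."""
    for name in ptr_lookup(ip):
        if ip in a_lookup(name):
            return name.rstrip(".").lower()
    return None

def relay_freemail_domains(hostname):
    """Freemail domains served by a confirmed relay hostname (empty if none)."""
    for rdns, domains in RDNS_TO_FREEMAIL.items():
        if hostname == rdns or hostname.endswith("." + rdns):
            return domains
    return set()

def freemail_mismatch(raw_msg, relay_ip, ptr_lookup, a_lookup):
    """Other providers' freemail domains found in mail from a freemail relay."""
    host = fcrdns_name(relay_ip, ptr_lookup, a_lookup)
    own = relay_freemail_domains(host) if host else set()
    if not own:
        return set()  # relay not confirmed as a freemail host: rule not applicable
    msg = message_from_string(raw_msg)
    found = {a.rsplit("@", 1)[1].lower()
             for _, a in getaddresses(msg.get_all("Reply-To", [])) if "@" in a}
    body = msg.get_payload()
    if isinstance(body, str):  # single-part text only in this sketch
        found |= {d.lower() for d in ADDR_RE.findall(body)}
    return (found & ALL_FREEMAIL) - own
```

A non-empty result is a scoring signal, not a verdict; multipart bodies would need each text part scanned the same way.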