On Wed, 11 Jan 2012, --[ UxBoD ]-- wrote:
The type of SPAM we are seeing is where legit companies are having their adverts cloned and the hyperlinks changed to spammy sites. Bayes is being by-passed due to the content looking valid so it is coming down to the IPs and domains. Had one yesterday where at 06:39 it was received by one of our clients and at 06:42 it appeared on one of the RBLs. I am guessing that it must have been a huge spam mailing that hit a lot of honeypots and people all at once. Downside is not a happy client ;(
Graylisting would be one answer to this particular senario. However it has the downside of delaying legit messages. Some clients seem to think that e-mail == IM and get PO'ed if messages don't arrive with seconds of sending. Actually had a faculty ask me how to set his T-bird to check for new messages every -second-, didn't want to wait a minute. ;( -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{