On 11/7/2013 6:00 PM, Owen Mehegan wrote: > Thanks in advance for any advice anyone can offer!
fwiw, of the 4 spam examples, ivmURI had blacklisted one or more domains in ALL 4 out of 4 samples at least several minutes BEFORE those spams hit your server (some days or weeks before). In a large portion of those (1/2 or more), I'm fairly sure that ivmURI was the ONLY URI/domain blacklist to have the domain blacklisted at the time the message hit your network. (I'm unable to verify if DBL had caught it at that time and/or some of those could have been "a game of inches" where ivmURI and other lists had just listed it moments before and it would be somewhat of a propagation issue... but, overall, I think if I provided the date/times that these were blacklisted on ivmURI... that assertion would "check out" and the raw data would be rather impressive!) If you keep seeing these, check the domains on multirbl.valli.org ...and you'll see in real time what I'm talking about! -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032