You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Nigel Frankcom <ni...@blue-canoe.net> on 2005/04/12 22:39:02 UTC
I like this one.... Particularly the BS from Yahoo.....
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
b=FU1UmmgKvRlCBEUg1CKomcMMxShgfcM6WKgaJSOKD9D0tUHOxKzy603V5zIMC3MtpLdfh9CN/aRG7HzHYI2nIPlWHYJyO8PxAAl3qroxRQY3KDINcs+qaZSygSnd/nXp+5Yk1fezlUnFxDtEdUcy5YEQ676bu/ksh4+xL8UWivM=
;
Hmmm - that worked well then.....
Anyone else getting these or have I just annoyed someone? :-D
Admittedly, annoying Yahoo may not necessarily be a bad thing....
Nigel
>Received: by mtspro.co.uk (MTSPro MTSAgent 1.60) ; Tue, 12 Apr 2005 13:24:42 +0100
> for <***@**********.***>
>Received: from yahoo.com (216.109.112.135, Peer IP=[216.155.196.189]) by mtspro.co.uk (MTSPro MTSSmtp 1.61); Tue, 12 Apr 2005 13:24:26 +0100
> for <***@**********.***>
>Received: (qmail 65470 invoked by uid 60001); 12 Apr 2005 12:24:10 -0000
>Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
>DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
> s=s1024; d=yahoo.com;
> b=FU1UmmgKvRlCBEUg1CKomcMMxShgfcM6WKgaJSOKD9D0tUHOxKzy603V5zIMC3MtpLdfh9CN/aRG7HzHYI2nIPlWHYJyO8PxAAl3qroxRQY3KDINcs+qaZSygSnd/nXp+5Yk1fezlUnFxDtEdUcy5YEQ676bu/ksh4+xL8UWivM= ;
>Message-ID: <20...@web61210.mail.yahoo.com>
>Received: from [80.248.64.59] by web61210.mail.yahoo.com via HTTP; Tue, 12 Apr 2005 05:24:10 PDT
>Date: Tue, 12 Apr 2005 05:24:10 -0700 (PDT)
>From: collins oforma <uc...@yahoo.com>
>Subject: REGUEST FOR YOUR URGENT CORPERATION;
>To: uchie_95@yahoo.com
>MIME-Version: 1.0
>Content-Type: multipart/alternative; boundary="0-2060016952-1113308650=:64127"
>X-Envelope-Sender: <uc...@yahoo.com>
>X-Envelope-Receiver: <***@**********.***>
>X-Spam-RBLReport: <dns:yahoo.com.fulldom.rfc-ignorant.org> [127.0.0.4]
> <dns:59.64.248.80.bl.spamcop.net?type=TXT> ["Blocked - see http://www.spamcop.net/bl.shtml?80.248.64.59"]
> <dns:yahoo.com> [216.109.112.135, 66.94.234.13]
>X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on snakepit.blah
>X-Spam-Level: *
>X-Spam-Status: No, score=1.2 required=6.0 tests=BAYES_40,HTML_30_40,
> HTML_MESSAGE,RCVD_FAKE_HELO_DOTCOM,RCVD_IN_BL_SPAMCOP_NET,
> SUBJ_ALL_CAPS,UPPERCASE_75_100 autolearn=no version=3.0.2
>X-Spam-Report:
> * 0.4 RCVD_FAKE_HELO_DOTCOM Received contains a faked HELO hostname
> * 0.7 SUBJ_ALL_CAPS Subject is all capitals
> * 0.0 HTML_30_40 BODY: Message is 30% to 40% HTML
> * -1.1 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
> * [score: 0.2193]
> * 0.0 HTML_MESSAGE BODY: HTML included in message
> * 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
> * [Blocked - see <http://www.spamcop.net/bl.shtml?80.248.64.59>]
> * 0.0 UPPERCASE_75_100 message body is 75-100% uppercase
>
>REGUEST FOR YOUR URGENT CORPERATION;
>
>I AM MR UCHIE OFORMA, MANAGER CREDIT AND ACCOUNTS DEPARTMENT OF AFRICAN DEVELOPMENT BANK PLC.(ADB). I AM FORTY-FOUR 44 YEARS OLD.
>
>I GOT YOUR CONTACT ON THE NET DURING MY GUEST FOR A
>RELIABLE AND REPUTABLE PERSON TO HANDLE A VERY
>CONFIDENTIAL BUSINESS, WHICH INVOLVES THE PATICIPATION OF A GOOD FORIEGNER.
>
>SIR, A BRITISH BUSINESS WOMAN BY NAME MISS CECILIA TRICIA SHANTYLA, A DRUG BARON, WHO DEPOSITED TWO METTALIC TRUNK BOXES WORTHS (#. $.10, MILLIONS) WITH OUR BANK FOR A LONG TIME, AND I WERE RELIABLY INFORMED THAT MISS CECILIA TRICIA SHANTYLA HAS DIED SINCE 6TH OF JUNE 2000, AS A RESULT OF (HIV/AIDS). WHILE HER NEXT OF KIN HAS NOT CALLED OR SHOWED UP TILL DATE,EVEN HER FAMILY MEMBER OR RELATION, THE NATURE AND CONFIDENCIALITY OF THIS DEAL, IT IS ONLY MY COLEAGUES IN THE FOREIGN EXCHANGE DEPARTMENT, I AM HERE TO MAKE SURE THAT YOU KNOW ABOUT THIS SECRET.
>
>NOW HER CONCERNMENT THAT WAS DEPOSITED IN MY BANK IS WHAT WE WSNT TO TRANSFER INTO A FOREIGN ACCOUNT SINCE THE BENEFICIARY WAS A FORIEGNER AND NOW IS LATE, AND NONE OF HER FAMILY MEMBERS OR RELATIONS HAD SHOW UP FOR OVER FOUR YEARS TILL DATE.
>
>MY COLEAGUES AND I DONT HAVE A FOREIGN ACCOUNT, THIS IS IMPOSSIBLE FOR US TO ACQUIRE THIS MONEY BY OURSELVES, THIS IS WHY WE ARE CONNECTING YOU INTO THIS BUSINESS SO AS TO USE YOUR FOREIGN ACCOUNT, BECAUSE WE HAVE PERFECTED ALL THE NECESSARY ARRENGMENTS BEFORE YOUR CONTACT.
>
>IF YOU AGREE TO ASSIST US, WE WOULD AGREE TO SHARE
>THIS MONEY WITH YOU IN THE MUTUAL UNDERSTANDING OFYOU KEEP 20% WHILE ME AND MY COLEAGUES KEEP 70%AND 10% WILL BE KEEP-ASSIDE TO COMPERCENT FOR EXPENSES DURING THE TRANFER FEES:
>
>AS I AM ALMOST DUE FOR RETIREMENT: THEREAFTER I WILL
>VISIT YOUR COUNTRY FOR MUTUAL SHARING, YOU MUST
>HOWEVER NOTE, THAT THIS DEAL IS SUBJECT OF SECRET,
>TRUSTWORTHINESS, AND FASTER COMMUNICATIONS.
>
>YOURS FAITHFULLY
>
>MR UCHIE OFORMA
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>---------------------------------
>Yahoo! Messenger
>Show us what our next emoticon should look like. Join the fun.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>---------------------------------
>Do you Yahoo!?
>Better first dates. More second dates. Yahoo! Personals
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>---------------------------------
>Yahoo! Mail Mobile
> Take Yahoo! Mail with you! Check email on your mobile phone.
>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV>
><DIV><STRONG>REGUEST FOR YOUR URGENT CORPERATION;<BR><BR>I AM MR UCHIE OFORMA, MANAGER CREDIT AND ACCOUNTS DEPARTMENT OF AFRICAN DEVELOPMENT BANK PLC.(ADB). I AM FORTY-FOUR 44 YEARS OLD. <BR><BR>I GOT YOUR CONTACT ON THE NET DURING MY GUEST FOR A<BR>RELIABLE AND REPUTABLE PERSON TO HANDLE A VERY<BR>CONFIDENTIAL BUSINESS, WHICH INVOLVES THE PATICIPATION OF A GOOD FORIEGNER.<BR><BR>SIR, A BRITISH BUSINESS WOMAN BY NAME MISS CECILIA TRICIA SHANTYLA, A DRUG BARON, WHO DEPOSITED TWO METTALIC TRUNK BOXES WORTHS (#. $.10, MILLIONS) WITH OUR BANK FOR A LONG TIME, AND I WERE RELIABLY INFORMED THAT MISS CECILIA TRICIA SHANTYLA HAS DIED SINCE 6TH OF JUNE 2000, AS A RESULT OF (HIV/AIDS). WHILE HER NEXT OF KIN HAS NOT CALLED OR SHOWED UP TILL DATE,EVEN HER FAMILY MEMBER OR RELATION, THE NATURE AND CONFIDENCIALITY OF THIS DEAL, IT IS ONLY MY COLEAGUES IN THE FOREIGN EXCHANGE DEPARTMENT, I AM HERE TO MAKE SURE THAT YOU KNOW ABOUT THIS SECRET. <BR><BR>NOW HER CONCERNMENT THAT WAS DEPOSITED IN MY
> BANK IS WHAT WE WSNT TO TRANSFER INTO A FOREIGN ACCOUNT SINCE THE BENEFICIARY WAS A FORIEGNER AND NOW IS LATE, AND NONE OF HER FAMILY MEMBERS OR RELATIONS HAD SHOW UP FOR OVER FOUR YEARS TILL DATE.<BR><BR>MY COLEAGUES AND I DONT HAVE A FOREIGN ACCOUNT, THIS IS IMPOSSIBLE FOR US TO ACQUIRE THIS MONEY BY OURSELVES, THIS IS WHY WE ARE CONNECTING YOU INTO THIS BUSINESS SO AS TO USE YOUR FOREIGN ACCOUNT, BECAUSE WE HAVE PERFECTED ALL THE NECESSARY ARRENGMENTS BEFORE YOUR CONTACT.<BR><BR>IF YOU AGREE TO ASSIST US, WE WOULD AGREE TO SHARE<BR>THIS MONEY WITH YOU IN THE MUTUAL UNDERSTANDING OFYOU KEEP 20% WHILE ME AND MY COLEAGUES KEEP 70%AND 10% WILL BE KEEP-ASSIDE TO COMPERCENT FOR EXPENSES DURING THE TRANFER FEES:<BR><BR>AS I AM ALMOST DUE FOR RETIREMENT: THEREAFTER I WILL<BR>VISIT YOUR COUNTRY FOR MUTUAL SHARING, YOU MUST<BR>HOWEVER NOTE, THAT THIS DEAL IS SUBJECT OF SECRET,<BR>TRUSTWORTHINESS, AND FASTER COMMUNICATIONS.<BR><BR>YOURS FAITHFULLY<BR><BR>MR UCHIE
> OFORMA<BR><BR></STRONG></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV>
><P>
><HR SIZE=1>
>Yahoo! Messenger<BR>Show us what our next emoticon should look like. <A href="http://us.rd.yahoo.com/evt=31855/*http://advision.webevents.yahoo.com/emoticontest">Join the fun.</A></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV>
><P>
><HR SIZE=1>
>Do you Yahoo!?<BR>Better first dates. More second dates. <A href="http://us.rd.yahoo.com/evt=27808/*http://personals.yahoo.com">Yahoo! Personals</A> </DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV><p>
> <hr size=1>Yahoo! Mail Mobile<br>
><a href="http://us.rd.yahoo.com/mail_us/taglines/mobile/*http://mobile.yahoo.com/learn/mail">Take Yahoo! Mail with you!</a> Check email on your mobile phone.
Re: I like this one.... Particularly the BS from Yahoo.....
Posted by Matt Kettler <mk...@evi-inc.com>.
Nigel Frankcom wrote:
>Admittedly not much,
>
>My biggest issue was yahoo sporting anti spam options in a spam mail.
>
>
My biggest issue would be the assumption that domainkeys is an anti-spam
option. It's not. Period. No matter what some people at slashdot might
think, it is NOT an anti-spam technique.
Domainkeys, like SPF, is an anti forgery technology. Nothing more.
Anyone who tells you otherwise is overstating it's benefits or does not
understand the technology.
While anti-forgery techniques are slightly helpful to the anti-spam
community in tracking down the actual source of a message, they do not
in any way prevent someone from sending spam that is not forged.
Really all this buys you is discouraging forgery by making it easy to
detect. This has the side effect that when spam isn't forged, it's
easier to get the originating accounts terminated.
That's all it offers in terms of anti-spam efforts. It's not really
much, but it's a lot better than looking at the RDNS names in the
Received: headers to try to "verify" what domain a mail really came from.
(Sorry for the soap box, but this particular misconception is particularly common, and one that needs to be eliminated from further propagation.)
Re: Re: I like this one.... Particularly the BS from Yahoo.....
Posted by Nigel Frankcom <ni...@blue-canoe.net>.
Admittedly not much,
My biggest issue was yahoo sporting anti spam options in a spam mail.
I probably shoulda thought a tad more about the post and a tad less
about my beer :-D
It struck me as amusing and a solid example of how the best plans can
bite one in the ass :-D
Apols if any annoyance caused :-D
Nigel
On Tue, 12 Apr 2005 16:53:50 -0400, Matt Kettler
<mk...@evi-inc.com> wrote:
>Nigel Frankcom wrote:
>
>>Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
>>DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
>>s=s1024; d=yahoo.com;
>>b=FU1UmmgKvRlCBEUg1CKomcMMxShgfcM6WKgaJSOKD9D0tUHOxKzy603V5zIMC3MtpLdfh9CN/aRG7HzHYI2nIPlWHYJyO8PxAAl3qroxRQY3KDINcs+qaZSygSnd/nXp+5Yk1fezlUnFxDtEdUcy5YEQ676bu/ksh4+xL8UWivM=
>>;
>>
>>
>>Hmmm - that worked well then.....
>>
>>Anyone else getting these or have I just annoyed someone? :-D
>>
>>Admittedly, annoying Yahoo may not necessarily be a bad thing....
>>
>>Nigel
>>
>
>*snip*
>
>Erm... what's the point here.. I'm not following....
>
>Looks to me like someone with a real yahoo account is spamming you with
>419 scams from it.... The host that delivered the mail to you reverses
>as w2.rc.vip.dcn.yahoo.com....
>
>What's yahoo, or anyone else, being annoyed have to do with it?
Re: I like this one.... Particularly the BS from Yahoo.....
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Tuesday, April 12, 2005 7:29 PM -0400 Matt Kettler
<mk...@evi-inc.com> wrote:
> I don't see them (yahoo) marketing it as an anti-spam solution. They
> market it as a tool to solve problems that anti-spam efforts face
> (spoofing).
>
> http://antispam.yahoo.com/domainkeys/
Wouldn't it be better to host that page at antiforgery.yahoo.com? ;)
Re: I like this one.... Particularly the BS from Yahoo.....
Posted by Matt Kettler <mk...@evi-inc.com>.
Nigel Frankcom wrote:
>Point accepted, but - why do they market it as such?
>
>Nigel
>
I don't see them (yahoo) marketing it as an anti-spam solution. They
market it as a tool to solve problems that anti-spam efforts face
(spoofing).
http://antispam.yahoo.com/domainkeys/
Of course, the fact that the associate themselves at all with anti-spam
efforts causes a lot of trade rags to call it an "anti-spam solution",
but what else do you expect from trade rags? They throw up headlines
that over-state the facts all the time.
http://news.zdnet.com/2100-3513_22-5164279.html
Headline: Yahoo, Sendmail to test antispam system
*From the story quoting a Yahoo VP *"In working with Sendmail, and other
industry leaders, we are able to develop a powerful authentication
solution to solve the spoofing problem and lay the foundation for future
antispam advances,"
*
Gotta love how the headline doesn't match the story..
But "Yahoo, sendmail to test authentication system with hopes of aiding
future antispam efforts" won't attract as many readers.
Don't believe the headlines, they're nearly always lying about the real
facts to grab your attention.
*
Re: Re: I like this one.... Particularly the BS from Yahoo.....
Posted by Nigel Frankcom <ni...@blue-canoe.net>.
Point accepted, but - why do they market it as such?
Nigel
On Tue, 12 Apr 2005 17:45:01 -0400, Matt Kettler
<mk...@evi-inc.com> wrote:
>Nigel Frankcom wrote:
>
>>Admittedly not much,
>>
>>My biggest issue was yahoo sporting anti spam options in a spam mail.
>>
>>
>
>My biggest issue would be the assumption that domainkeys is an anti-spam
>option. It's not. Period. No matter what some people at slashdot might
>think, it is NOT an anti-spam technique.
>
>Domainkeys, like SPF, is an anti forgery technology. Nothing more.
>
>Anyone who tells you otherwise is overstating it's benefits or does not
>understand the technology.
>
>While anti-forgery techniques are slightly helpful to the anti-spam
>community in tracking down the actual source of a message, they do not
>in any way prevent someone from sending spam that is not forged.
>
>Really all this buys you is discouraging forgery by making it easy to
>detect. This has the side effect that when spam isn't forged, it's
>easier to get the originating accounts terminated.
>
>
>That's all it offers in terms of anti-spam efforts. It's not really
>much, but it's a lot better than looking at the RDNS names in the
>Received: headers to try to "verify" what domain a mail really came from.
>
>
>
>
>
Re: I like this one.... Particularly the BS from Yahoo.....
Posted by Matt Kettler <mk...@evi-inc.com>.
Nigel Frankcom wrote:
>Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
>DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
>s=s1024; d=yahoo.com;
>b=FU1UmmgKvRlCBEUg1CKomcMMxShgfcM6WKgaJSOKD9D0tUHOxKzy603V5zIMC3MtpLdfh9CN/aRG7HzHYI2nIPlWHYJyO8PxAAl3qroxRQY3KDINcs+qaZSygSnd/nXp+5Yk1fezlUnFxDtEdUcy5YEQ676bu/ksh4+xL8UWivM=
>;
>
>
>Hmmm - that worked well then.....
>
>Anyone else getting these or have I just annoyed someone? :-D
>
>Admittedly, annoying Yahoo may not necessarily be a bad thing....
>
>Nigel
>
*snip*
Erm... what's the point here.. I'm not following....
Looks to me like someone with a real yahoo account is spamming you with
419 scams from it.... The host that delivered the mail to you reverses
as w2.rc.vip.dcn.yahoo.com....
What's yahoo, or anyone else, being annoyed have to do with it?