Posted to users@spamassassin.apache.org by "J." <sw...@yahoo.com> on 2007/04/04 03:08:47 UTC

also...

I've been doing this sort of thing to block connections which is
somewhat more satisfying than just scoring the email higher, but these
rascals seem to be able to use multiple ip addresses even within a
single mailing:

123.156.189.:allow,RBLSMTPD="-Connections refused. domain.com seems to ignore bounces."
87.254.321.:allow,RBLSMTPD="-Connections refused due to spam."


 

Re: also...

Posted by "J." <sw...@yahoo.com>.
--- Michael Grant <mi...@gmail.com> wrote:

> On 4/4/07, J. <sw...@yahoo.com> wrote:
> >
> > --- Matt Kettler <mk...@verizon.net> wrote:
> >
> > > J. wrote:
> > > > I've been doing this sort of thing to block connections which is
> > > > somewhat more satisfying than just scoring the email higher, but these
> > > > rascals seem to be able to use multiple ip addresses even within a
> > > > single mailing:
> > > >
> > > > 123.156.189.:allow,RBLSMTPD="-Connections refused. domain.com seems to ignore bounces."
> > > > 87.254.321.:allow,RBLSMTPD="-Connections refused due to spam."
> > >
> > > Do they have a common reverse DNS?
> >
> > Good question. They probably do if they're running email lists and want
> > the messages to get through. They always seem to come through with low
> > scores so I assume they've got spf and reverse dns set up right.
>
> Is it possible they are coming from zombie machines?  Machines which
> have been infected by a sort of virus which a spammer can take over
> and send out mail from remotely.

I don't think so. These are the spams that claim to be non-spam, put
contact info for the advertiser and the spammer. They seem to use
relatively close ip addresses:

70.164.3.2 (giftgroup)
70.164.7.206
70.164.7.247
70.164.7.247
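
Added example (not part of the original post or of any project's code): one way to turn a list of observed sender addresses, such as the 70.164.x.x ones above, into tcprules lines of the form J. uses, collapsing a /24 into one prefix rule once at least two distinct hosts in it have been seen. The function name, the threshold and the malformed sample entry are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: the four sender addresses quoted in the post above
# (one is a duplicate), plus one malformed entry to show validation.
SEEN = ["70.164.3.2", "70.164.7.206", "70.164.7.247", "70.164.7.247", "70.164.7.999"]


def tcprules_for(addresses, message, min_hosts=2):
    """Return (rules, rejected) where rules are lines for a tcprules input file.

    A /24 with at least min_hosts distinct senders becomes one prefix rule
    ("a.b.c.:"); otherwise each host gets an exact-address rule, so a single
    sighting does not block 255 unrelated neighbours.
    """
    by_net = defaultdict(set)
    rejected = []
    for raw in addresses:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ipaddress.AddressValueError:
            rejected.append(raw)  # e.g. an octet above 255
            continue
        by_net[str(ip).rsplit(".", 1)[0]].add(ip)

    # The leading "-" makes rblsmtpd reply with a permanent 553 instead of a
    # temporary 451. Double quotes would end the tcprules value early.
    action = ':allow,RBLSMTPD="-%s"' % message.replace('"', "'")

    rules = []
    for net in sorted(by_net, key=lambda n: tuple(int(o) for o in n.split("."))):
        hosts = sorted(by_net[net])
        if len(hosts) >= min_hosts:
            rules.append(net + "." + action)  # trailing dot = prefix match
        else:
            rules.extend(str(h) + action for h in hosts)
    return rules, rejected


if __name__ == "__main__":
    rules, rejected = tcprules_for(SEEN, "Connections refused due to spam.")
    print("\n".join(rules))
    for bad in rejected:
        print("# skipped invalid address:", bad)
```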


 

Re: also...

Posted by Michael Grant <mi...@gmail.com>.
Is it possible they are coming from zombie machines?  Machines which
have been infected by a sort of virus which a spammer can take over
and send out mail from remotely.

Michael Grant

On 4/4/07, J. <sw...@yahoo.com> wrote:
>
> --- Matt Kettler <mk...@verizon.net> wrote:
>
> > J. wrote:
> > > I've been doing this sort of thing to block connections which is
> > > somewhat more satisfying than just scoring the email higher, but these
> > > rascals seem to be able to use multiple ip addresses even within a
> > > single mailing:
> > >
> > > 123.156.189.:allow,RBLSMTPD="-Connections refused. domain.com seems to ignore bounces."
> > > 87.254.321.:allow,RBLSMTPD="-Connections refused due to spam."
> >
> > Do they have a common reverse DNS?
>
> Good question. They probably do if they're running email lists and want
> the messages to get through. They always seem to come through with low
> scores so I assume they've got spf and reverse dns set up right.

Re: also...

Posted by "J." <sw...@yahoo.com>.
--- Matt Kettler <mk...@verizon.net> wrote:

> J. wrote:
> > I've been doing this sort of thing to block connections which is
> > somewhat more satisfying than just scoring the email higher, but these
> > rascals seem to be able to use multiple ip addresses even within a
> > single mailing:
> >
> > 123.156.189.:allow,RBLSMTPD="-Connections refused. domain.com seems to ignore bounces."
> > 87.254.321.:allow,RBLSMTPD="-Connections refused due to spam."
> 
> Do they have a common reverse DNS?

Good question. They probably do if they're running email lists and want
the messages to get through. They always seem to come through with low
scores so I assume they've got spf and reverse dns set up right.


 

Re: also...

Posted by Matt Kettler <mk...@verizon.net>.
J. wrote:
> I've been doing this sort of thing to block connections which is
> somewhat more satisfying than just scoring the email higher, but these
> rascals seem to be able to use multiple ip addresses even within a
> single mailing:
>
> 123.156.189.:allow,RBLSMTPD="-Connections refused. domain.com seems to ignore bounces."
> 87.254.321.:allow,RBLSMTPD="-Connections refused due to spam."

Do they have a common reverse DNS?