Posted to users@spamassassin.apache.org by Sujit Acharyya-Choudhury <S....@westminster.ac.uk> on 2008/05/29 12:52:57 UTC

Lot of unmarked spam

We are getting a lot of unmarked spam.  The header is as follows:

From: Feed Blaster
To: xyz@oursite.ac.uk
Subject: Feed Blaster puts your ad right to the screens of millions in
15 Minutes !
Date: 26 May 2008 21:42:41 -0700
Message-ID: <20...@from.header.has.no.domain>

And the message contains:


More and more people are subscribing to feeds every
day and there are millions who are already subscribed.

Thus, your ad will reach a very broad range of potential customers with 
each use of Feed Blaster!

Feed Blaster is the first & only submitter that can submit your
ads to thousands of feeds within a few minutes!

Post your ads where people read them!

- What if you could place your ad into all these feeds ?

Right, that would mean you would have millions of sites
linking to your ad - and millions of users reading your message within
minutes - and my idea actually works


For Full details please read the attached .html file
Usually two html files are attached.  

Are we the only ones who are seeing this kind of spam?  If not, is there
any rule that can be applied to stop this kind of spam?


Sujit Choudhury
ISLS
University of Westminster

This e-mail and its attachments are intended for the above named only
and may be confidential. If they have come to you in error you must not
copy or show them to anyone, nor should you take any action based on
them, other than to notify the error by replying to the sender.




-- 
The University of Westminster is a charity and a company limited by
guarantee.  Registration number: 977818 England.  Registered Office:
309 Regent Street, London W1B 2UW, UK.

Re: Lot of unmarked spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Thu, May 29, 2008 15:15, Sujit Acharyya-Choudhury wrote:
> > As requested full header is as follows:
> >
> >
> > Microsoft Mail Internet Headers Version 2.0
> > Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
> > isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
> > SMTPSVC(6.0.3790.3959);
> > 	 Tue, 27 May 2008 05:42:34 +0100
> > Received: from [124.236.241.119] (helo=gmail.com)
> > 	by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
> > 	(envelope-from <vj...@gmail.com>)
> > 	id 1K0r17-0005Sm-8b
> > 	for myname@wmin.ac.uk; Tue, 27 May 2008 05:42:34 +0100
> > Reply-To: vjmgprograms@gmail.com
> > From: Feed Blaster
> > To: myname@westminster.ac.uk
> > Subject: Feed Blaster puts your ad right to the screens of millions in 15
> > Minutes !
> > Date: 26 May 2008 21:42:41 -0700
> > Message-ID: <20...@from.header.has.no.domain>
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed;
> > 	boundary="----=_NextPart_000_0012_DAA36BB7.FAA31CFA"
> > Return-Path: vjmgprograms@gmail.com
> > X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
> > FILETIME=[14BC6A90:01C8BFB4]

On 29.05.08 15:39, Benny Pedersen wrote:
> envelope seems to come from gmail.com so spf can reject this spam since it's
> not sent from gmail servers
> 
> http://www.openspf.org/Why?s=mfrom&id=vjmgprograms@gmail.com&ip=161.74.14.113&r=westminster.ac.uk

which means you should turn on SPF control, and I recommend even DKIM and
other network rules (razor, pyzor, uribl and DCC if you can)
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 

RE: Lot of unmarked spam

Posted by Benny Pedersen <me...@junc.org>.
On Thu, May 29, 2008 15:15, Sujit Acharyya-Choudhury wrote:
> As requested full header is as follows:
>
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
> isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
> SMTPSVC(6.0.3790.3959);
> 	 Tue, 27 May 2008 05:42:34 +0100
> Received: from [124.236.241.119] (helo=gmail.com)
> 	by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
> 	(envelope-from <vj...@gmail.com>)
> 	id 1K0r17-0005Sm-8b
> 	for myname@wmin.ac.uk; Tue, 27 May 2008 05:42:34 +0100
> Reply-To: vjmgprograms@gmail.com
> From: Feed Blaster
> To: myname@westminster.ac.uk
> Subject: Feed Blaster puts your ad right to the screens of millions in 15
> Minutes !
> Date: 26 May 2008 21:42:41 -0700
> Message-ID: <20...@from.header.has.no.domain>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> 	boundary="----=_NextPart_000_0012_DAA36BB7.FAA31CFA"
> Return-Path: vjmgprograms@gmail.com
> X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
> FILETIME=[14BC6A90:01C8BFB4]

envelope seems to come from gmail.com so spf can reject this spam since it's
not sent from gmail servers

http://www.openspf.org/Why?s=mfrom&id=vjmgprograms@gmail.com&ip=161.74.14.113&r=westminster.ac.uk


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098




RE: Lot of unmarked spam

Posted by Sujit Acharyya-Choudhury <S....@westminster.ac.uk>.
As requested full header is as follows:


Microsoft Mail Internet Headers Version 2.0
Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
SMTPSVC(6.0.3790.3959);
	 Tue, 27 May 2008 05:42:34 +0100
Received: from [124.236.241.119] (helo=gmail.com)
	by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
	(envelope-from <vj...@gmail.com>)
	id 1K0r17-0005Sm-8b
	for myname@wmin.ac.uk; Tue, 27 May 2008 05:42:34 +0100
Reply-To: vjmgprograms@gmail.com
From: Feed Blaster
To: myname@westminster.ac.uk
Subject: Feed Blaster puts your ad right to the screens of millions in
15 Minutes !
Date: 26 May 2008 21:42:41 -0700
Message-ID: <20...@from.header.has.no.domain>
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0012_DAA36BB7.FAA31CFA"
Return-Path: vjmgprograms@gmail.com
X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
FILETIME=[14BC6A90:01C8BFB4]

------=_NextPart_000_0012_DAA36BB7.FAA31CFA
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

------=_NextPart_000_0012_DAA36BB7.FAA31CFA
Content-Type: text/html; name="Full_Details.htm"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Full_Details.htm"

------=_NextPart_000_0012_DAA36BB7.FAA31CFA
Content-Type: text/html; name="Unsubscribe.htm"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Unsubscribe.htm"


------=_NextPart_000_0012_DAA36BB7.FAA31CFA--



Sujit Choudhury
ISLS
University of Westminster




-----Original Message-----
From: ram [mailto:ram@netcore.co.in] 
Sent: 29 May 2008 12:16
To: Sujit Acharyya-Choudhury
Cc: users@spamassassin.apache.org
Subject: Re: Lot of unmarked spam


On Thu, 2008-05-29 at 11:52 +0100, Sujit Acharyya-Choudhury wrote:
> We are getting a lot of unmarked spam.  The header is as follows:
> 
> From: Feed Blaster
> To: xyz@oursite.ac.uk
> Subject: Feed Blaster puts your ad right to the screens of millions in
> 15 Minutes !
> Date: 26 May 2008 21:42:41 -0700
> Message-ID: 
> <20...@from.header.has.no.domain>
> 

These are just a few visible headers.
See the whole headers. Some email clients ( typically Micro$$oft
Outlook/OWA ) do let you see headers easily, you will have to juggle a
lot to get the headers


Post the *full* mail on some pastebin , we could run tests against it
and tell you what scores you might get 







Re: Lot of unmarked spam

Posted by ram <ra...@netcore.co.in>.
On Thu, 2008-05-29 at 11:52 +0100, Sujit Acharyya-Choudhury wrote:
> We are getting a lot of unmarked spam.  The header is as follows:
> 
> From: Feed Blaster
> To: xyz@oursite.ac.uk
> Subject: Feed Blaster puts your ad right to the screens of millions in
> 15 Minutes !
> Date: 26 May 2008 21:42:41 -0700
> Message-ID: <20...@from.header.has.no.domain>
> 

These are just a few visible headers.
See the whole headers. Some email clients ( typically Micro$$oft
Outlook/OWA ) do let you see headers easily, you will have to juggle a
lot to get the headers


Post the *full* mail on some pastebin , we could run tests against it
and tell you what scores you might get 






Re: Lot of unmarked spam

Posted by Benny Pedersen <me...@junc.org>.
On Thu, May 29, 2008 21:52, Joseph Brennan wrote:

> Reject if the From field has no @ in it.  That knocked out the
> one (1) of these that we saw here yesterday.

the from was not envelope sender, but yes one could make a header rule for
this in spamassassin :-)

postfix can't see the From: in header test


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: Lot of unmarked spam

Posted by Joseph Brennan <br...@columbia.edu>.
> We are getting a lot of unmarked spam.  The header is as follows:
>
> From: Feed Blaster
> To: xyz@oursite.ac.uk
> Subject: Feed Blaster puts your ad right to the screens of millions in
> 15 Minutes !
> Date: 26 May 2008 21:42:41 -0700
> Message-ID: <20...@from.header.has.no.domain>



Reject if the From field has no @ in it.  That knocked out the
one (1) of these that we saw here yesterday.

Joseph Brennan
Columbia University Information Technology
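
Added example, not part of any post in this thread: the header check Joseph Brennan suggests, written in Python and run against the headers posted above, showing Benny Pedersen's point that the envelope sender looks normal while the From header carries no address. The function names and the constructed sample (the Message-ID truncated by the archive is left out rather than guessed) are assumptions of this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers as posted in the thread. The Message-ID, which
# the archive truncated, is omitted rather than filled in.
SAMPLE = (
    "Return-Path: vjmgprograms@gmail.com\n"
    "Received: from [124.236.241.119] (helo=gmail.com)\n"
    "\tby isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)\n"
    "\tfor myname@wmin.ac.uk; Tue, 27 May 2008 05:42:34 +0100\n"
    "Reply-To: vjmgprograms@gmail.com\n"
    "From: Feed Blaster\n"
    "To: myname@westminster.ac.uk\n"
    "Subject: Feed Blaster puts your ad right to the screens of millions in\n"
    " 15 Minutes !\n"
    "Date: 26 May 2008 21:42:41 -0700\n"
    "\n"
    "(body omitted)\n"
)


def has_address(value):
    """True if a header value parses to an address of the form local@domain."""
    if not value:
        return False                      # header missing or empty
    _name, addr = parseaddr(value)        # splits display name from address
    local, at, domain = addr.rpartition("@")
    return bool(local and at and domain)


def triage(raw_message):
    """Check the From header and the envelope sender separately."""
    msg = message_from_string(raw_message)
    from_ok = has_address(msg.get("From"))
    # Return-Path is written at final delivery and records the envelope sender,
    # which is all an MTA sender check sees before the message data arrives.
    envelope_ok = has_address(msg.get("Return-Path"))
    return {
        "header_from_has_address": from_ok,
        "envelope_has_address": envelope_ok,
        # The rule from the thread: no address in From means reject candidate.
        "reject_candidate": not from_ok,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```
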