how to submit a spammer?

[jj-ml <jj...@fingerprint.fr>]

Hi all,

I've received once a day a spam from fidbroker@hotmail.fr. (fidbroker.com)
Since it is a french company and i live in france, i call them (the phone
number is in the spam)
and tell them to stop. They told me they will do so, but of course they
don't do anything.

Obsiouly, they already had pb with their previous ISP and change their email
address.

So i want to submit the website and their email to a RBL so that everybody
can tag them as spam.
How to do so?

second pb: in some of them, there is a big attachment (> 500k) so it doesn't
go throw spamassassin. How to resolv that pb?

thanks

Re: how to submit a spammer?

[jdow <jd...@earthlink.net>]

From: "Kris Deugau" <kd...@vianet.ca>

> jj-ml wrote:
> > I've received once a day a spam from fidbroker@hotmail.fr.
> > (fidbroker.com) Since it is a french company and i live in france, i
> > call them (the phone number is in the spam) and tell them to stop.
> > They told me they will do so, but of course they don't do anything.
> > 
> > Obsiouly, they already had pb with their previous ISP and change
> > their email address.
> 
> If the sender address is consistent in any way, blacklist them.  If not,
> check the message headers or body to see if there's anything consistent
> between messages that you can write a rule or set of rules for.

How does one do that if spamd simply logs a long message and exits?
{^_-}

Re: how to submit a spammer?

[Jeff Chan <je...@surbl.org>]

On Friday, July 8, 2005, 6:44:55 AM, Kris Deugau wrote:
> jj-ml wrote:
>> I've received once a day a spam from fidbroker@hotmail.fr.
>> (fidbroker.com) Since it is a french company and i live in france, i
>> call them (the phone number is in the spam) and tell them to stop.
>> They told me they will do so, but of course they don't do anything.
>> 
>> Obsiouly, they already had pb with their previous ISP and change
>> their email address.

> If the sender address is consistent in any way, blacklist them.  If not,
> check the message headers or body to see if there's anything consistent
> between messages that you can write a rule or set of rules for.

> If you feel like making the effort, track down their ISP and let them
> know that their user is generating spam.

>> So i want to submit the website and their email to a RBL so that
>> everybody can tag them as spam.
>> How to do so?

> http://www.surbl.org and http://www.uribl.com both accept submissions in
> one form or another.  Check through their websites and see if they're
> what you're looking for.

I very good way to submit spam for inclusion on SURBLs is to use
SpamCop.  The sc.surbl.org list is derived from the spamvertised
site data there.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/

Re: how to submit a spammer?

[Kris Deugau <kd...@vianet.ca>]

jj-ml wrote:
> I've received once a day a spam from fidbroker@hotmail.fr.
> (fidbroker.com) Since it is a french company and i live in france, i
> call them (the phone number is in the spam) and tell them to stop.
> They told me they will do so, but of course they don't do anything.
> 
> Obsiouly, they already had pb with their previous ISP and change
> their email address.

If the sender address is consistent in any way, blacklist them.  If not,
check the message headers or body to see if there's anything consistent
between messages that you can write a rule or set of rules for.

If you feel like making the effort, track down their ISP and let them
know that their user is generating spam.

> So i want to submit the website and their email to a RBL so that
> everybody can tag them as spam.
> How to do so?

http://www.surbl.org and http://www.uribl.com both accept submissions in
one form or another.  Check through their websites and see if they're
what you're looking for.

> second pb: in some of them, there is a big attachment (> 500k) so it
> doesn't go throw spamassassin. How to resolv that pb?

On my systems, I'd do one or more of these:
-> Create a procmail rule that sends these to /dev/null (based on
sender, Recieved: headers, or some sort of check on the attachment)
-> Tweak processing in MIMEDefang (a sendmail "milter") to delete or
reject these messages
-> Add an entry in the sendmail access map to block the sender or relay
server outright - along with a suitable "Go away, spammer" message
-> Drop the relay's IP into my firewall (I only do this in extreme
cases, such as a thoroughly BROKEN remote server with nonresponsive
admins - I've had to do this ONCE)

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!

Re: how to submit a spammer?

[mouss <us...@free.fr>]

jdow wrote:
> From: "jj-ml" <jj...@fingerprint.fr>
> 
>>second pb: in some of them, there is a big attachment (> 500k) so it
> 
> doesn't
> 
>>go throw spamassassin. How to resolv that pb?
> 
> 
> That raises an interesting point. The spamc/spamd behavior should
> change for the "SKIP SPAMC" tag. Instead of merely logging that it
> skipped it should go off and at least run the header RBL tests while
> skipping all the body tests.

I like this idea. instead of skiiping a message when its size is > 
$LIMIT, why not scan up to $LIMIT? there are certainly things to get 
fixed, but that would be a good approach. otherwise, a spammer would 
just add enough blanks (or whatever) to avoid filtering.

Re: how to submit a spammer?

[jdow <jd...@earthlink.net>]

From: "jj-ml" <jj...@fingerprint.fr>

> second pb: in some of them, there is a big attachment (> 500k) so it
doesn't
> go throw spamassassin. How to resolv that pb?

That raises an interesting point. The spamc/spamd behavior should
change for the "SKIP SPAMC" tag. Instead of merely logging that it
skipped it should go off and at least run the header RBL tests while
skipping all the body tests.

{^_^}

Re: how to submit a spammer?

[Loren Wilton <lw...@earthlink.net>]

> second pb: in some of them, there is a big attachment (> 500k) so it
doesn't
> go throw spamassassin. How to resolv that pb?

This brings up an interesing idea for an enhancement request to SA.

If the mail is > the cutoff limit, (which possibly could be a lot smaller
than it is now) somehow just pipe the first 2K or 10K or so of the message
to SA and have it rule on that.  Indeed, perhaps just the headers would be
sufficient in many cases.

I think right now (if I remember correctly, and I may not) that Bayes has a
cutoff limit on learning from a message, since anything over a few K proved
to not be useful.  Thinking about spam in general, it may be that the
message can be reliably classified from a fairly short part of the message.

        Loren