You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Randal, Phil" <pr...@herefordshire.gov.uk> on 2006/03/20 14:04:48 UTC
{Spam?} RE: Latest spammers' trick - email address in body instead of url
There's more of this stuff out today, with the addy
uk@euroimperialz.com.
My current list email addresses used in this sort of spam is
*@nicerealmail.info
*@marketez-bonds.*
*@swiss--invest-ltd.*
*@switzerland-invest-ltd.*
*@swis-invest-ltd.*
*@swiss-investments-ltd.*
*@gala.net
*@euroimperialz.*
The rule to catch these is trivial.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: Randal, Phil
> Sent: 10 March 2006 17:13
> To: users@spamassassin.apache.org
> Subject: RE: Latest spammers' trick - email address in body
> instead of url
>
> I think email addresses should be scored differently from urls.
>
> Clicking on an email address isn't going to take you to a site which
> auto-installs all manner of malware on your PC.
>
> But these spams are still a nuisance - especially to us
> thankless admins
> who get enormous amounts of hassle from our end-users and management
> everytime spam slips through with a very low spamassassin score.
>
> Cheers,
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> > -----Original Message-----
> > From: Daryl C. W. O'Shea [mailto:spamassassin@dostech.ca]
> > Sent: 10 March 2006 15:47
> > To: Matt Kettler
> > Cc: Randal, Phil; users@spamassassin.apache.org
> > Subject: Re: Latest spammers' trick - email address in body
> > instead of url
> >
> > On 10/03/06 10:26 AM, Matt Kettler wrote:
> > > Randal, Phil wrote:
> > >> Hi folks,
> > >>
> > >> We're seeing increasing amounts of spam coming in which
> > the email's
> > >> body contains seemingly innocuous (but obviously
> irrelevant) text
> > >> plus an email address for more information.
> > >>
> > >> With no urls in the message, uribls are useless...
> > >>
> > >> Currently we've had spams with emails from <whoever> (AT)
> > >> nicerealmail .info and <whoever> (AT) marketez-bonds .net.
> > >>
> > >> Currently handling it by adding specific rules as we
> > encounter them,
> > >> but there has to be a better way of handling this.
> > >>
> > >> Anyone for emailbls? Or updating uribl to fire on
> > >> xyz@naughtydomain.com email addresses in message bodies?
> > >>
> > >> Thoughts, anyone?
> > >
> > > Um... SA should already be treating email addresses in
> the body as
> > > URIs... Are you sure yours isn't looking up the offending domains
> > > agianst the URIBLs you're using?
> >
> > I don't believe that's accurate. I know Jeff C. argued that
> > it "wasn't what SURBL was intended for" so we ended up disabling it.
> >
> > Personally, I still think email address should be looked up.
> > Either the domain is bad or it isn't.
> >
> > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4201
> >
> >
> > Daryl
> >
>