On Tuesday, October 24, 2006, 11:39:31 AM, Joseph Brennan wrote:
> www.citylimits.org is in the ws list.
> It is a nonprofit organization, and they tell me people here at Columbia
> have asked why they have not got their mail.
> What was this listing based on? A quick web and newsgroup search got me
> nothing about this domain and spam.
> Joseph Brennan
> Columbia University Information Technology
Thanks. Looks possibly legit so, removing it.
Please note that false positive reports generally should be sent
to whitelist at surbl. org.
Jeff C.
--
Don't harm innocent bystanders.
www.citylimits.org is in the ws list.
It is a nonprofit organization, and they tell me people here at Columbia
have asked why they have not got their mail.
What was this listing based on? A quick web and newsgroup search got me
nothing about this domain and spam.
Joseph Brennan
Columbia University Information Technology
On Tuesday, October 3, 2006, 9:26:43 PM, Steve Sobol wrote:
> Are you guys still looking for a logo? I've been pretty busy :(
Yep. Can you make your logo with thicker lines and text?
Jeff C.
--
Don't harm innocent bystanders.
www.4emi.com is coming up as listed in PH and AB SURBL.
EMI Solutions is a legitimate supplier we use in manufacturing
aircraft electronics and should not be listed in either PH or AB.
Funny thing is I can't find the listing on abusebutler or castlecops.
This server is running SpamAssassin version 3.0.3
On Thursday, August 17, 2006, 9:12:51 PM, Steve Sobol wrote:
> Jeff Chan wrote:
>>> http://stevesobol.com/content/surbllogo.jpg
>>
>>> This is just a preliminary, I-did-this-in-five-minutes concept.
>>
>> It's good. (Red circle and slash = "no" and url://)
>>
>> Can you make one with spam:// ?
> Absolutely not, but see
> http://stevesobol.com/content/surbllogo2.jpg
> (Ok, I was just kidding, of course I can do it!)
> If that looks OK to you, I'll take that concept and come up
> with a final product.
Hi Steve,
Looks great; thanks much! If I could request a modification, it
would be for bolder type and thicker lines if possible. Also I'd
probably make the text black, as in blackhat.
Cheers,
Jeff C.
--
Don't harm innocent bystanders.
What's going on here?
Numerous examples of porn spam sent Sunday have all different hostnames
that resolve to the same few IP addresses, apparently by round robin:
$ host takinoivanober.comtakinoivanober.com has address 68.142.212.127
takinoivanober.com has address 68.142.212.128
takinoivanober.com has address 68.142.212.129
takinoivanober.com has address 68.142.212.130
takinoivanober.com has address 68.142.212.135
takinoivanober.com has address 68.142.212.126
$ host zascehjukalsderr.comzascehjukalsderr.com has address 68.142.212.130
zascehjukalsderr.com has address 68.142.212.135
zascehjukalsderr.com has address 68.142.212.126
zascehjukalsderr.com has address 68.142.212.127
zascehjukalsderr.com has address 68.142.212.128
zascehjukalsderr.com has address 68.142.212.129
$ host sex368yzx.comsex368yzx.com has address 68.142.212.129
sex368yzx.com has address 68.142.212.130
sex368yzx.com has address 68.142.212.135
sex368yzx.com has address 68.142.212.136
sex368yzx.com has address 68.142.212.137
sex368yzx.com has address 68.142.212.128
Reverse DNS resolves to Yahoo, only:
$ host 68.142.212.130
130.212.142.68.in-addr.arpa domain name pointer p10w14.geo.mud.yahoo.com.
$ host 68.142.212.127
127.212.142.68.in-addr.arpa domain name pointer p10w11.geo.mud.yahoo.com.
$ host 68.142.212.128
128.212.142.68.in-addr.arpa domain name pointer p10w12.geo.mud.yahoo.com.
The range 68.142.192 through 68.142.255 is all Inktomi, contact address
network-abuse(a)cc.yahoo-inc.com, so it really is Yahoo.
The interesting bit is that connecting by IP address or yahoo hostname
gets a "Error 400 - Bad Request", but connecting by the spammer hostname
gets a web page.
I'd be especially interested in a generalized way of catching this.
Joseph Brennan
Columbia University Information Technology