Discuss

discuss@lists.surbl.org

1 participants
1864 discussions

FP: bankline.itau.com.br
by Alex Broens (Ninja Trainee) 01 Sep '04

01 Sep '04

Pls whitelist "bankline.itauMUNGED.com.br" Valid Bank Account Info was filtered out incorrectly. Assume Phising abuse, but..... http://www.itau.com.br/ (a genuine bank) Lots of NANAS entries..... If not willing to whitelist, pls let em know and I'll WL on my side Thanks Alex ----------------------------------------------------------- * 3.0 WS_URI_RBL URI's domain appears in ws database at ws.surbl.org * [banklineMUNGED.itauMUNGED.com.br is blacklisted in URI RBL] [at multi.surbl.org] ------------------------ Return-path: <itaumail(a)itau.com.br> Received: from servicos.itauMUNGED.com.br ([200.246.143.230]) by server.domain.tld (server.domain.tld) with ESMTP id 01-md50000009120.msg for <munged(a)munged.tld>; Wed, 01 Sep 2004 20:23:57 +0200 Received: from mail pickup service by servicos.itau.com.br with Microsoft SMTPSVC; Wed, 1 Sep 2004 15:23:34 -0300 From: <itaumail(a)itauMUNGED.com.br> To: <munged(a)munged.tld> Subject: [***SPAM***] Extrato ITAU 20891-0 AG 1170 Date: Wed, 1 Sep 2004 15:23:34 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_15E2_01C49037.A5579D00" X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Message-ID: <SIWT001CTOqqgNjWOiy0001af6b(a)servicos.itau.com.br> X-OriginalArrivalTime: 01 Sep 2004 18:23:34.0652 (UTC) FILETIME=[CABF13C0:01C49050] ------------------------- -> itau.com.br. type = A, class = 1, ttl = 86400, dlen = 4 IP address = 200.246.143.40 [ Informations about 200.246.143.40 ] IP range : 200.246.143.0 - 200.246.143.255 Infos : BANCO ITAU S.A. Infos : Av do Estado, 5533, 2A Infos : 03105-000 - Sao Paulo - SP Country : Brazil (BR) Abuse E-mail : abuse(a)embratel.net.br Source : BRNIC ------------------------

2 1

FP: banklineMUNGED-DOTitauMUNGED-DOTcomMUNGED-DOTbr
by Alex Broens (Ninja Trainee) 01 Sep '04

01 Sep '04

Seems the first try enver made it to the list...... Second try..... ---------------------------------------------------------------- Pls whitelist "bankline.itauMUNGED.com.br" Valid Bank Account Info was filtered out incorrectly. Assume Phising abuse, but..... http://www.itau.com.br/ (a genuine Brasilian bank) Lots of NANAS entries..... If not willing to whitelist, pls let me know and I'll WL on my side. Thanks Alex ----------------------------------------------------------- * 3.0 WS_URI_RBL URI's domain appears in ws database at ws.surbl.org * [banklineMUNGED.itauMUNGED.com.br is blacklisted in URI RBL] [at multi.surbl.org] ------------------------ Return-path: <itaumail(a)itau.com.br> Received: from servicos.itauMUNGED.com.br ([200.246.143.230]) by server.domain.tld (server.domain.tld) with ESMTP id 01-md50000009120.msg for <munged(a)munged.tld>; Wed, 01 Sep 2004 20:23:57 +0200 Received: from mail pickup service by servicos.itau.com.br with Microsoft SMTPSVC; Wed, 1 Sep 2004 15:23:34 -0300 From: <itaumail(a)itauMUNGED.com.br> To: <munged(a)munged.tld> Subject: [***SPAM***] Extrato ITAU 20891-0 AG 1170 Date: Wed, 1 Sep 2004 15:23:34 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_15E2_01C49037.A5579D00" X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Message-ID: <SIWT001CTOqqgNjWOiy0001af6b(a)servicos.itau.com.br> X-OriginalArrivalTime: 01 Sep 2004 18:23:34.0652 (UTC) FILETIME=[CABF13C0:01C49050] ------------------------- -> itau.comMUNGED-DOTbr. type = A, class = 1, ttl = 86400, dlen = 4 IP address = 200.246.143.40 [ Informations about 200.246.143.40 ] IP range : 200.246.143.0 - 200.246.143.255 Infos : BANCO ITAU S.A. Infos : Av do Estado, 5533, 2A Infos : 03105-000 - Sao Paulo - SP Country : Brazil (BR) Abuse E-mail : abuse(a)embratel.net.br Source : BRNIC ------------------------

1 0

Re: [SURBL-Discuss] Whitelist Please
by Rob McEwen 01 Sep '04

01 Sep '04

RE: funnygreetings.com Forgive me for my ignorance, but would someone please explain the rational for whitelisting funnygreetings.com in the first place. Unlike most here, I use a different program and I don't understand those spamassassin reports... moreover, are there really significant reasons to whitelist funnygreetings.com? Did someone's client complain about missing a message? I fear that this may be the quintessential situation that Jeff probably doesn't want to have to deal with... a hardcore spammer who does have a few legitimate services. It won't hurt my feelings if that list of domains gets removed from SURBL or even gets whitelisted, but I will definitely blacklist them locally on my server. Also, it would be nice to get a little more justification for their remove from SURBL... unless, of course, this is just a case of me not understanding that SpamAssassin report :) Rob McEwen

1 0

Re: [SURBL-Discuss] Whitelist Please
by Rob McEwen 01 Sep '04

01 Sep '04

> I've whitelisted: funnygreetings.com I second Raymond's concern. A ton of spam goes to my server with flowgo.com etc. See the following as well: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL5535 Rob McEwen

2 1

RE: [SURBL-Discuss] Whitelist Please
by Chris Santerre 01 Sep '04

01 Sep '04

Good grief NO! http://www.dietingplans.com/images/TSAE001.jpg I would definitely NOT get into the habit of whitelisting other domains. One at a time! Especially ones like these!! --Chris >-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Wednesday, September 01, 2004 2:42 PM >To: SURBL-List >Subject: Re: [SURBL-Discuss] Whitelist Please > > >On Wednesday, September 1, 2004, 5:47:11 AM, Bitz Bitz wrote: >> http://www.funnygreetings.com > >> Listed at WS_URI_RBL > >> X-Spam-Status: No, hits=5.1 required=10.0 tests=RATWR10_MESSID=0.111, >> WS_URI_RBL=5 > >> Thanks, >> -b. > >I've whitelisted: funnygreetings.com > >It belongs to euniverse. I've added it to these other euniverse >domains: > >euniverse.com >flowgo.com >skilljam.com >cupidjunction.com >dietingplans.com >intelligentx.com >netlaughter.com >cutestuf.com >madblast.com >infobeat.com >gossipflash.com >funnygreetings.com > >Jeff C. > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

2 1

RE: [SURBL-Discuss] Whitelist Please
by Chris Santerre 01 Sep '04

01 Sep '04

Cupidjunction don't look too clean either! http://tinyurl.com/542yo One domain at a time. Not affiliate domains...please...pretty please with Doom3 on top! --Chris >-----Original Message----- >From: Rob McEwen [mailto:rob@powerviewsystems.com] >Sent: Wednesday, September 01, 2004 3:07 PM >To: SURBL Discussion list; Jeff Chan; SURBL Discussion list >Subject: Re: [SURBL-Discuss] Whitelist Please > > >> I've whitelisted: funnygreetings.com > >I second Raymond's concern. A ton of spam goes to my server >with flowgo.com etc. > >See the following as well: > >http://www.spamhaus.org/sbl/sbl.lasso?query=SBL5535 > >Rob McEwen > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

1 0

RE: [SURBL-Discuss] To MUNGE to not to MUNGE
by Chris Santerre 01 Sep '04

01 Sep '04

>-----Original Message----- >From: SM [mailto:sm@resistor.net] >Sent: Wednesday, September 01, 2004 2:23 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] To MUNGE to not to MUNGE > > >Hi Rob, >At 10:04 01-09-2004, Rob wrote: >>Currently, I do whitelist this list, but... >> >>...and maybe I'm getting paranold here... >> >>What happens if spammers start adding SURBL tolkins to their >spam? (like >>"lists.surbl.org") Are there not situations here which could >defeat our >>whitelisting and force us back to munging anyway? > >No, unless the whitelisting is not implemented correctly. I suggested >whitelisting the server from which this email comes from and not the >return-path. > >Regards, >-sm whitelist desn't mean what it means for other lists. In SURBL it simply means if some nut puts it into SURBL, it won't matter. The WL will remove it. So it's just never added. There are LOTS of times we remove domain names but don't whitelist. Just in case they return to spamming. And removal of domains usually takes 2-3 "Major players" (LOL I like that. But I'm just a loud mouth, no bigger then the rest of the submitters, just heard from more often ;) Weee!) Not really a policy, we just like to be sure. More then once, one of us has thought something should be removed, only to find quite the opposite from other submitters. And MUNGED might as well go along with Top posting. Do what makes you feel good.....unless it might get you fired :) When I retype htings I automungew because ofp my phat fingers. --Chris

1 0

RE: [SURBL-Discuss] FP: SallyFoster-MUNGED.com
by Chris Santerre 01 Sep '04

01 Sep '04

>-----Original Message----- >From: Rob McEwen [mailto:rob@powerviewsystems.com] >Sent: Wednesday, September 01, 2004 8:41 AM >To: discuss(a)lists.surbl.org >Subject: [SURBL-Discuss] FP: SallyFoster-MUNGED.com > > >FP: SallyFoster-MUNGED.com > >1. Zero NANAS hits >2. domain registered in 1997 >3. very popular fundraiser for school & other organizations (they sell >wrapping paper) > >As a matter of fact, I found this by actually attempting to >send a relative >an e-mail about my own child's school fundraiser. I'm >horrified. I don't >even audit my client's SURBL-blocked mail... perhaps I should now? > >I don't know if they do illegal harvesting or not. I'm >guessing not because >I'd think they would get some NANAS hits if they did. Many of >their e-mails >go out via a parent keying in their friends & family's e-mail >address on the >SallyFoster-MUNGED.com site. I could see how some of these friends or >relatives might not read the resulting message carefully and >automatically >report it as spam :) Therefore, I think that this domain should be >whitelisted, or it probably WILL get relisted for the wrong >reasons, as you >can see. > Agreed, they seem clean on my end as well. --Chris

2 1

Re: [SURBL-Discuss] To MUNGE to not to MUNGE
by Rob McEwen 01 Sep '04

01 Sep '04

>It doesn't work that way. The whitelist means we dont add THOSE domains to >the SURBLs, other domains listed in those mails will still trigger the >SURBL filtering. First, I'm referring to a person's LOCAL whitelisting of SURBL list messages so that these messages bypass all filtering in order to allow SURBL-blocked domains to not stop the SURBL list message. In this scenario, SURBL-filtering could possibly be totally bypassed if the message contained "lists.surbl.org", ... thus creating a loophole for spammers who might try to use this as a tactic for their spam to also bypass the filter. However, my question was probably a silly question to begin with because (as I realized when reading other's messages) the actual IP address of the surbl list server could also be factored into the local whitelisting so that such potentially shrewd tactics of spammers I mentioned above could be defeated. Follow? Rob McEwen

2 1

Re: [SURBL-Discuss] To MUNGE to not to MUNGE
by Rob McEwen 01 Sep '04

01 Sep '04

> Can you explain what you mean? Dont get it i am afraid. All the surbl > domains are whitelisted, but that was not your question i guess? I simply meant, what happens if a spammer tries to sneak various references to surbl in the e-mail (separate from their actual affiliate link, of course) as a means of trying to get whitelisted, thus defeating our whitelisting? ...but, as I said, maybe I'm too paranoid here :) > Sometimes it takes time to find out the how and the what, be happy we are > still responsive ;) Please also note, a whitelist request isnt a guarantee > that it will indeed be whitelisted... Sorry... I didn't mean to sound impatient. Chris weighed in agreeing that it probably should be whitelisted (see archive). I was thinking that when one of the "main players" (Jeff, Raymond, Chris, Joe, etc.) agrees without other disagreements... it was practically considered done. But, again, I don't mean to sound impatient... I just wanted to make sure that SallyFoster-MUNGED.com wasn't going to be missed. Thanks, Rob McEwen

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss