- Discuss - Mailman 3

RE: [SURBL-Discuss] RE: Requesting removal from blacklist
by Greg Schuler 26 Jun '06

26 Jun '06

Hi Jeff, I've subscribed to the to the mailing list. Regarding your comment below, should we ever decide to re-enter the email marketing business we will build our mailing list from scratch using a confirmed/verified/closed-loop opt-in process so there will be no doubt regarding permission to mail. I've noticed that aptimus.com is still on or has moved to the ws.surbl.org list. Is there other information I can provide to further my request for removal? Regards, Greg Schuler Aptimus, Inc. … [View More] -----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Saturday, May 20, 2006 4:19 AM To: Greg Schuler Cc: William Stearns; ml-surbl-discuss Subject: Re: [SURBL-Discuss] RE: Requesting removal from blacklist On Friday, May 19, 2006, 3:08:23 PM, Greg Schuler wrote: > Hi Bill, > I appreciate your quick response. And I'm interested in what others > on the mailing list might have to say about this as well. Greg, You may want to subscribe: http://lists.surbl.org/mailman/listinfo/discuss (I had to manually approve your message since you're not subscribed. You can unsubscribe at any time.) > In answer to your questions: >>If you've assembled a live customer list with UBE for a few years, >>then stop sending UBE, doesn't that mean you get the benefits of that >>UBE even after you stop sending it? > I don't believe so. First, even though we didn't have a 100% > closed-loop opt-in list process, most of the email we sent was not > UBE. We only emailed names collected from what we believed were > legitimate transactions on our partner web sites. The consumer was > always presented with a privacy policy and terms of service that told > them they would be agreeing to receive future email offers by > completing the transaction. So while it wasn't perfect, we were making > an effort to be sure the email we sent had the end-user's permission. > We ultimately learned that this wasn't sufficient. > The fact that we ended up with spam traps and other "bad" > addresses in our email lists is proof that our process was flawed. So > we decided to exit the email business in December, 2005. Had we > continued to email "live customers" after that, then yes I suppose you > could say we were still benefiting from past practices. But we didn't > do that. One way to definitively solve this kind of problem is to mail your existing addresses and ask if they still want to get mail. If they don't reply or say no, you remove them. It's a pretty standard solution. Have you considered that? Jeff C. -- Don't harm innocent bystanders. [View Less]

2 2

Merak
by Tom McGlinn 24 Jun '06

24 Jun '06

Hello all. SURBL/URIBL checks aren't working properly in Merak Mail server. We have been working with the vendor, providing examples of failures, as they try to make repairs. We run Merak Mail server. Is there another product that can be added separately to implement SURBL checks correctly? If not, will you kindly provide the name of a mail server that has proven to work very well with SURBL/URIBL? I view your work as such an effective tool against spam, that I'm willing to … [View More]

2 3

I can't find myself in multi.surbl.org but some software says I am - now what?
by milius＠milius.net 05 Jun '06

05 Jun '06

hello list, I'm here because I was just using some wiki software that told me I can not insert my domain: http://www.milius.net there because it's in this list: multi.surbl.org so I checked http://www.rulesemporium.com/cgi-bin/uribl.cgi and http://www.surbl.org/implementation.html but my domain does not seem to be in any blacklist or am I doing something wrong? could someone please help me to get my domain clean again? best, oliver

3 5

multi.surbl.org doesnt resolve ??
by surbl-discuss 31 May '06

31 May '06

Hi everyone Please forgive me if this question has been answered recently but I have only joined the list today. My question is multi.surbl.org no longer resolves to an IP address - is it still the preferred hostname to use? The reason I ask is because our mailgateway product uses this as one of its tests and our support company seem to be getting nowhere finding out whats wrong or who to ask I can resolve this name from - home work internetcafe As I say, please forgive me if this … [View More]

3 3

RE: [SURBL-Discuss] Weird TLD/site in Phish
by List Mail User 26 May '06

26 May '06

>> -----Original Message----- >> From: Larry Rosenman [mailto:ler@lerctr.org] >> Sent: Thursday, May 25, 2006 9:53 AM >> To: 'SURBL Discussion list' >> Subject: RE: [SURBL-Discuss] Weird TLD/site in Phish >> >> >> Chris Santerre wrote: >> > I have no idea if this is a legit site hijacked, bad site, >> or a secret >> > society of the Illuminati! >> > >> > http://www.zorka-opeka.co.yu/-/ >> > … [View More]

1 0

RE: [SURBL-Discuss] Weird TLD/site in Phish
by Chris Santerre 25 May '06

25 May '06

> -----Original Message----- > From: Larry Rosenman [mailto:ler@lerctr.org] > Sent: Thursday, May 25, 2006 9:53 AM > To: 'SURBL Discussion list' > Subject: RE: [SURBL-Discuss] Weird TLD/site in Phish > > > Chris Santerre wrote: > > I have no idea if this is a legit site hijacked, bad site, > or a secret > > society of the Illuminati! > > > > http://www.zorka-opeka.co.yu/-/ > > > > .yu ??????? Yugoslavia? > yep. > > … [View More]

3 2

RE: [SURBL-Discuss] Weird TLD/site in Phish
by Chris Santerre 25 May '06

25 May '06

Thanks. One of our guys says it is infact a hacked legit site. Albeit for bricks :) So Like you said, it might be fine to list until it is taken down. Hell it may be the only way they realise they got hacked! :) --Chris > -----Original Message----- > From: Jeff Chan [mailto:jeffc@surbl.org] > Sent: Thursday, May 25, 2006 11:07 AM > To: Chris Santerre > Cc: 'SURBL Discussion list' > Subject: Re: [SURBL-Discuss] Weird TLD/site in Phish > > > On Thursday, May 25, … [View More]2006, 7:09:26 AM, Chris Santerre wrote: > > Thanks, I actually sent this to the wrong list :) But does > anyone know how > > to read er... yugoslavian? I don't want to Blacklist > without knowing more > > about the site. Could be a free hoster or something. > > I usually look at whois or DNS, but in this case there's nothing > too useful: > > > Domain Name: ZORKA-OPEKA.CO.YU > Namespace: ICANN Country Code Top Level Domain - > http://www.icann.org > TLD Info: See IANA Whois - http://www.iana.org/root-whois/yu.htm > Registry: Registry information not yet configured > Registrar: Registry information not yet configured > Whois Server: (none) > Name Server[from dns, dns ip]: NS3.LOOPIA.SE 194.9.94.245 > Name Server[from dns, dns ip]: NS4.LOOPIA.SE 194.9.95.245 > > [DNS Information for ZORKA-OPEKA.CO.YU] > Trying "ZORKA-OPEKA.CO.YU" > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58580 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 > > ;; QUESTION SECTION: > ;ZORKA-OPEKA.CO.YU. IN ANY > > ;; ANSWER SECTION: > ZORKA-OPEKA.CO.YU. 59 IN NS ns4.loopia.se. > ZORKA-OPEKA.CO.YU. 59 IN NS ns3.loopia.se. > > ;; AUTHORITY SECTION: > ZORKA-OPEKA.CO.YU. 59 IN NS ns4.loopia.se. > ZORKA-OPEKA.CO.YU. 59 IN NS ns3.loopia.se. > > ;; ADDITIONAL SECTION: > ns3.loopia.se. 3599 IN A 194.9.94.245 > ns4.loopia.se. 3599 IN A 194.9.95.245 > > Received 140 bytes from 216.151.192.1#53 in 3 ms > > > > Non-authoritative answer: > ZORKA-OPEKA.CO.YU > origin = ns3.loopia.se > mail addr = registry.loopia.se > serial = 1146743921 > refresh = 10800 > retry = 3600 > expire = 25200 > minimum = 86400 > > Authoritative answers can be found from: > ZORKA-OPEKA.CO.YU nameserver = ns3.loopia.se. > ZORKA-OPEKA.CO.YU nameserver = ns4.loopia.se. > ns3.loopia.se internet address = 194.9.94.245 > ns4.loopia.se internet address = 194.9.95.245 > > > Non-authoritative answer: > Name: ZORKA-OPEKA.CO.YU > Address: 195.178.52.202 > > > Looks like it has about 7 google hits, so it's probably not a > huge loss if blacklisted, especially if it's un-blacklisted when > the phishing site goes away. > > BTW, while the Soviet Union no longer exists, the .su domain > still does, though we thought some of the domains on it were > dubious. > > Jeff C. > -- > Don't harm innocent bystanders. > [View Less]

1 0

Weird TLD/site in Phish
by Chris Santerre 25 May '06

25 May '06

I have no idea if this is a legit site hijacked, bad site, or a secret society of the Illuminati! http://www.zorka-opeka.co.yu/-/ .yu ??????? Yugoslavia? Chris Santerre SysAdmin and SARE/URIBL ninja http://www.uribl.com http://www.rulesemporium.com

2 1

RE: Requesting removal from blacklist
by Greg Schuler 20 May '06

20 May '06

Hi Bill, I appreciate your quick response. And I'm interested in what others on the mailing list might have to say about this as well. In answer to your questions: >If you've assembled a live customer list >with UBE for a few years, then stop sending UBE, doesn't that mean you get >the benefits of that UBE even after you stop sending it? I don't believe so. First, even though we didn't have a 100% closed-loop opt-in list process, most of the email we sent was not UBE. We only … [View More]emailed names collected from what we believed were legitimate transactions on our partner web sites. The consumer was always presented with a privacy policy and terms of service that told them they would be agreeing to receive future email offers by completing the transaction. So while it wasn't perfect, we were making an effort to be sure the email we sent had the end-user's permission. We ultimately learned that this wasn't sufficient. The fact that we ended up with spam traps and other "bad" addresses in our email lists is proof that our process was flawed. So we decided to exit the email business in December, 2005. Had we continued to email "live customers" after that, then yes I suppose you could say we were still benefiting from past practices. But we didn't do that. > Secondly, I went back to the mail I've gotten from aptimus >.net/com for the past few years to look at the "partner" domains (domains >also linked to in mails that point at aptimus .net/com. A number of them >continue to send UBE, which makes me wonder if perhaps you've stopped >using your own domain name in the mails but continue to send UBE (that's >not an accusation, it literally is a question). Would you be willing to >help me understand your relationships with the following domains? The >following are the ones that I've seen in 2006: > >Jan 8 03:17 tr1usc .com >Jan 15 16:22 consumertoday .net >Jan 15 16:22 aptimus .com >Jan 15 16:22 alnimglrhyd .cc >Jan 20 02:45 alnimglrbsh .cc >Jan 20 02:45 alnclklrbsh .com >Jan 20 02:45 mediamarketsystem .com >Jan 21 22:55 collectiblestoday .com >Jan 27 01:31 removeservice .com >Feb 4 04:34 thrifthealth .com >Mar 11 02:29 alnclklrhyd .com >Mar 11 02:30 eforcemedia .com >Mar 11 02:32 laih .com >Mar 12 15:00 emarketmakers .com >Mar 12 22:44 dentalplans .com >Mar 12 22:44 intriguelearning .com >Apr 16 02:09 dnelist .com >Apr 16 02:09 esideliver .com Question: are you saying that these domains continue to send UBE that ALSO continue to contain references to Aptimus? If so, that could be bad (and we'd very much like to know about it). Otherwise, of the above listed domains the only one we have a direct relationship with (other than aptimus.com, of course), is consumertoday.net. We own that domain and it was one of the domains we used for email marketing. We stopped using consumertoday.net in December, 2005. Please let me know if you have any further questions, and I look forward to a (hopefully positive) response on the delisting of our domains. Regards, Greg Schuler Aptimus, Inc. -----Original Message----- From: William Stearns [mailto:wstearns@pobox.com] Sent: Friday, May 19, 2006 1:47 PM To: Greg Schuler; ml-surbl-discuss Cc: William Stearns Subject: Re: Requesting removal from blacklist Good morning, Greg, I've CC'd the surbl mailing list with this post because I'd like to hear the opinions of the other member of the surbl team. On Thu, 18 May 2006, Greg Schuler wrote: > Greetings, > > As the IT director for Aptimus I have for some time known that our > domain has been blacklisted. This is because Aptimus was formerly in > the email marketing business and we did not have a 100% closed-loop > opt-in process. During that time I received a relatively steady supply of UBE to a small number of spamtraps, so I'm hesitant to remove your domain without some discussion. > We left the email business last year and for all of 2006 we have sent > email only to those end users who have "transacted" on our partner web We appreciate your taking a positive step and contacting us after that; that's one of the reasons why I'm seriously considering your request. > sites. We do not add these email addresses to any mailing lists and we > never send a user more than one message (e.g. these are confirmation > messages sent to acknowledge a legitimate web-based transaction such as > purchasing a product, entering a contest, signing up for a newsletter or > service or some similar activity). Unfortunately it seems even sending > a confirmation message is considered "Spam" by some people and we still > get a few complaints, but never more than a couple per month. Confirmation messages with no other commercial content are not considered spam in our project, so you're OK there. > Based on the above, would it be possible to have aptimus.com and > aptimus.net removed from your list? If not, could you explain why? If > there's something else we need to do to get our domains cleaned up I'd > really like to know. The last aptimus.net mail I got was from January 15th, so that tends to support what you said. I have a few questions. If you've assembled a live customer list with UBE for a few years, then stop sending UBE, doesn't that mean you get the benefits of that UBE even after you stop sending it? Secondly, I went back to the mail I've gotten from aptimus .net/com for the past few years to look at the "partner" domains (domains also linked to in mails that point at aptimus .net/com. A number of them continue to send UBE, which makes me wonder if perhaps you've stopped using your own domain name in the mails but continue to send UBE (that's not an accusation, it literally is a question). Would you be willing to help me understand your relationships with the following domains? The following are the ones that I've seen in 2006: Jan 8 03:17 tr1usc .com Jan 15 16:22 consumertoday .net Jan 15 16:22 aptimus .com Jan 15 16:22 alnimglrhyd .cc Jan 20 02:45 alnimglrbsh .cc Jan 20 02:45 alnclklrbsh .com Jan 20 02:45 mediamarketsystem .com Jan 21 22:55 collectiblestoday .com Jan 27 01:31 removeservice .com Feb 4 04:34 thrifthealth .com Mar 11 02:29 alnclklrhyd .com Mar 11 02:30 eforcemedia .com Mar 11 02:32 laih .com Mar 12 15:00 emarketmakers .com Mar 12 22:44 dentalplans .com Mar 12 22:44 intriguelearning .com Apr 16 02:09 dnelist .com Apr 16 02:09 esideliver .com > Thanks and regards, > > Greg Schuler > Director, Technology & Operations > Aptimus, Inc. (NASDAQ: APTM) > The Point-of-Action Online > Advertising Network > > 100 Spear Street, Suite 1115 > San Francisco, CA 94105 > Ph: 415-896-2123 x242 > Fax: 208-361-2452 > Mobile: 415-596-6127 > gregs(a)aptimus.com Cheers, - Bill --------------------------------------------------------------------------- "My fellow Americans. I've signed legislation that will outlaw Russia forever. We begin bombing in five minutes." - President Reagan, before a scheduled radio broadcast, unaware that the microphone was already on... (Courtesy of Brian S. Dellinger <Brian.Dellinger(a)Dartmouth.EDU>) -------------------------------------------------------------------------- William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org -------------------------------------------------------------------------- [View Less]

2 1

Re: Requesting removal from blacklist
by William Stearns 19 May '06

19 May '06

Good morning, Greg, I've CC'd the surbl mailing list with this post because I'd like to hear the opinions of the other member of the surbl team. On Thu, 18 May 2006, Greg Schuler wrote: > Greetings, > > As the IT director for Aptimus I have for some time known that our > domain has been blacklisted. This is because Aptimus was formerly in > the email marketing business and we did not have a 100% closed-loop > opt-in process. During that time I received a relatively … [View More]steady supply of UBE to a small number of spamtraps, so I'm hesitant to remove your domain without some discussion. > We left the email business last year and for all of 2006 we have sent > email only to those end users who have "transacted" on our partner web We appreciate your taking a positive step and contacting us after that; that's one of the reasons why I'm seriously considering your request. > sites. We do not add these email addresses to any mailing lists and we > never send a user more than one message (e.g. these are confirmation > messages sent to acknowledge a legitimate web-based transaction such as > purchasing a product, entering a contest, signing up for a newsletter or > service or some similar activity). Unfortunately it seems even sending > a confirmation message is considered "Spam" by some people and we still > get a few complaints, but never more than a couple per month. Confirmation messages with no other commercial content are not considered spam in our project, so you're OK there. > Based on the above, would it be possible to have aptimus.com and > aptimus.net removed from your list? If not, could you explain why? If > there's something else we need to do to get our domains cleaned up I'd > really like to know. The last aptimus.net mail I got was from January 15th, so that tends to support what you said. I have a few questions. If you've assembled a live customer list with UBE for a few years, then stop sending UBE, doesn't that mean you get the benefits of that UBE even after you stop sending it? Secondly, I went back to the mail I've gotten from aptimus .net/com for the past few years to look at the "partner" domains (domains also linked to in mails that point at aptimus .net/com. A number of them continue to send UBE, which makes me wonder if perhaps you've stopped using your own domain name in the mails but continue to send UBE (that's not an accusation, it literally is a question). Would you be willing to help me understand your relationships with the following domains? The following are the ones that I've seen in 2006: Jan 8 03:17 tr1usc .com Jan 15 16:22 consumertoday .net Jan 15 16:22 aptimus .com Jan 15 16:22 alnimglrhyd .cc Jan 20 02:45 alnimglrbsh .cc Jan 20 02:45 alnclklrbsh .com Jan 20 02:45 mediamarketsystem .com Jan 21 22:55 collectiblestoday .com Jan 27 01:31 removeservice .com Feb 4 04:34 thrifthealth .com Mar 11 02:29 alnclklrhyd .com Mar 11 02:30 eforcemedia .com Mar 11 02:32 laih .com Mar 12 15:00 emarketmakers .com Mar 12 22:44 dentalplans .com Mar 12 22:44 intriguelearning .com Apr 16 02:09 dnelist .com Apr 16 02:09 esideliver .com > Thanks and regards, > > Greg Schuler > Director, Technology & Operations > Aptimus, Inc. (NASDAQ: APTM) > The Point-of-Action Online > Advertising Network > > 100 Spear Street, Suite 1115 > San Francisco, CA 94105 > Ph: 415-896-2123 x242 > Fax: 208-361-2452 > Mobile: 415-596-6127 > gregs(a)aptimus.com Cheers, - Bill --------------------------------------------------------------------------- "My fellow Americans. I've signed legislation that will outlaw Russia forever. We begin bombing in five minutes." - President Reagan, before a scheduled radio broadcast, unaware that the microphone was already on... (Courtesy of Brian S. Dellinger <Brian.Dellinger(a)Dartmouth.EDU>) -------------------------------------------------------------------------- William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org -------------------------------------------------------------------------- [View Less]

1 0

Subdomains in SURBL
by Brandon Hutchinson 18 May '06

18 May '06

Hello, Looking at the multi.surbl.org zone yesterday, I noticed approximately 373 subdomains in the list. Here are a few examples: www.fcudwedenagov.com www.freecat.biz www.hesvlabean.com www.hterrani.com ms7.pptel.net msn.41m.com mwetillf.iscool.net mx.servebbs.net mx2.dynu.net www.yelvertonstores.co.uk Looking at http://www.surbl.org/implementation.html item 2, do these subdomains belong in the list? "Extract base (registrar) domains from those URIs. This includes removing any … [View More]

4 9

surbl.org / urilbl.com for blog comment spam tracking
by Karanbir Singh 16 May '06

16 May '06

hey guys, it seems a year back, there was a request to add blog comment spam uri / hosts to surbl.org. That thread went to no real conclusion, and I was just wondering if there is any move to have this uri in surbl or uribl.com ? - KB -- Karanbir Singh : http://www.karan.org/ : 2522219@icq

2 1

Recent SpamAssassin mass check results
by Jeff Chan 12 May '06

12 May '06

FWIW Here are last Saturday's SA mass check results, courtesy of Theo: http://www.surbl.org/news.html MSECS SPAM% HAM% S/O RANK SCORE NAME 0 181939 52229 0.777 0.00 0.00 (all messages) 0.00000 77.6959 22.3041 0.777 0.00 0.00 (all messages as %) 22.377 28.8009 0.0000 1.000 1.00 0.00 URIBL_SC_SURBL 26.604 34.2378 0.0134 1.000 1.00 0.00 URIBL_WS_SURBL 24.854 31.9854 0.0115 1.000 1.00 0.00 URIBL_JP_SURBL … [View More]

2 1

en34.com
by Karen Wilson 04 May '06

04 May '06

I am getting a ton of porn spam about Russian girls. They come from a first name with no e-mail ID. On my fllter I found man, many e-mails from people at en34.com, which doesn't exist. Know anything? K

2 1

Re: [SURBL-Announce] MEFilter and milter-link add SURBL support
by Chris Sweeney 02 May '06

02 May '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone download this? I can't seem to find it listed on the downloads page even after login. Jeff Chan wrote: > Two applications add SURBL support to Sendmail and MailEnable > respectively: > > > Anthony Howe of SnertSoft reports that his milter-link/0.1 for > Sendmail "extracts URLs from the message body (text, HTML, and/or > MIME encoded)" and checks them against SURBLs, or after domain > resolution against RBLs. … [View More]

2 1

Re: [SURBL-Announce] milter-uri.pl is a Perl Sendmail milter
by Todd Vierling 28 Apr '06

28 Apr '06

On 4/28/06, Jeff Chan <jeffc(a)surbl.org> wrote: > Steve Freegard of Fort Systems Ltd. reports that milter-uri.pl is > a basic Sendmail milter written in Perl using Sendmail::PMilter > and SpamAssassin libraries. I happen to be the Sendmail::PMilter author. I suppose this would be a good time for me to go revisit the package and clean up a few things I've meant to do for a couple years. Unexpected attention can be a good motivator. ;) (BTW, if this makes it to the discuss@ … [View More]

1 0

Domains not getting listed on SURBL
by Guy Rosen 24 Apr '06

24 Apr '06

Hi, We noticed a whole bunch of domains which are used by spammers affiliated with AdultActionCam that are consistently not getting listed on SURBL, and I thought I'd point it out. Are they maybe doing something special there to prevent getting listed? These are a few examples: hookinghawks dot com Giggaty dot com jerkingcough dot com superflighter dot com largebegs dot com payperblew dot com rufflyruse dot com Slaptick dot com purplefist dot com fallingfallers dot com jarsfilling dot com … [View More]

2 1

URI Blacklisting at the MTA level
by Steve Freegard 18 Apr '06

18 Apr '06

Hi All, I've written a basic Sendmail milter in Perl using Sendmail::PMilter which uses the SpamAssassin libraries with just the 20_uri_tests.cf rules file (so it is relatively light) to strip the URI's from a message and then check them against multi.surbl.org and black.uribl.com and reject any messages that contains blacklisted URI's. It's rough code at the moment - there's no whitelisting or any start/stop scripts for it yet and this is my first attempt at anything in Perl - I've been … [View More]

2 1

Autoreply: [SURBL-Discuss] URI Blacklisting at the MTA level
by scottwolf＠aginet.com 17 Apr '06

17 Apr '06

I am out of the office April 10th - April 22nd. I will have limited access to voicemail and e-mail. If you need assistance please contact Dave at aginet(a)aginet.com or 252-255-5557. Scott Wolf Aginet

1 0

RE: [SURBL-Discuss] html hex codes used in links
by Matthew.van.Eerde＠hbinc.com 03 Apr '06

03 Apr '06

Nathan Barham wrote: > I received a phishing scam yesterday where the domain part of the evil > link was in html hex code. This seems to defeat any SURBL listing. > I'm using a postfix body check to handle it now, but does anyone have > a better idea? It could be worse. They could be using javascript to factor a given product of large primes, and then using the factors to build the IP address. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic … [View More]

1 0

html hex codes used in links
by Nathan Barham 03 Apr '06

03 Apr '06

Hello list, I received a phishing scam yesterday where the domain part of the evil link was in html hex code. This seems to defeat any SURBL listing. I'm using a postfix body check to handle it now, but does anyone have a better idea? Thanks.

2 1

Spam In Form Of Gif File
by Warren Robinson 31 Mar '06

31 Mar '06

Hello, Has anyone figured out how to pull this spam in. The only common factor in the GIF hex file is GIF87a ! Look forward to your comments Regards Warren Robinson

3 2

Fwd: Please pass on to SURBL lists...
by Jeff Chan 24 Mar '06

24 Mar '06

This is a forwarded message From: Catherine Hampton <ariel(a)spambouncer.org> To: Jeff Chan <jeffc(a)surbl.org> Date: Thursday, March 23, 2006, 12:37:24 PM Subject: Please pass on to SURBL lists... ===8<==============Original message text=============== I don't think I'm subscribed to the lists that should see this soonest. Thanks! =-=-=-=-=-=-=-=-=-= Today I've seen a massive spam run on some of my domains, older domains that have a lot of spamtraps. The spams are all sent … [View More]via open proxies/forged headers/etc., have subject lines of something along the lines of "for investors", "best way to invest", "do you want to invest", etc. The message bodies are pure text, two lines long, and consist of URLs at legitimate domain registrars and other companies not involved in the spam. Here are a few sample message bodies: =-=-=-=-=-=-=-=-=-= We offer best way for investment. http://godaddy.com/investdot.com We offer best way for investment. http://enom.com/talkgold.com We offer best way for investment. http://1BLU.DE/SX-INVEST.COM Do you want to invest your money ? Ask me how http://www.moneymakergroup.com/ [Is this one legit? I don't know. But it's part of the same pattern.] Don't lose your chance to make really good investor carier! http://www.mailer.vascoinvestment.com [Not sure about this one either.] 400% profit per month is TRUE! Visit our site. http://everydns.net/privateopps.com Don't lose your chance to make really good investor carier! http://namecheap.com/talkgold.com =-=-=-=-=-=-=-=-=-= I noticed that vascoinvestment.com is already listed in URIBL, and moneymakergroup.com is in SURBL (William Stearns). Just in case people hadn't noticed, I wanted to point out that we need to be careful about listing domains from these emails. It's perfectly possible, of course, that some of them are spammy and the others are being used as camoflauge, to slow down the SURBL and URIBL volunteers, and to cause FPs and make those blocklists less effective. It's also possible that *all* of them are legitimate/innocent. In either case, I think blocklists, and particularly SURBL and URIBL, are the targets of this attack. So please be careful and don't let the idiots win! -- Catherine Hampton <ariel(a)spambouncer.org> The SpamBouncer * <http://www.spambouncer.org/> Personal Home Page * <http://www.devsite.org/> ===8<===========End of original message text=========== -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/ [View Less]

6 8

Problem with rbldnsd on Linux
by David B Funk 24 Mar '06

24 Mar '06

I'm having issues running rbldnsd (rbldnsd-0.996) on Linux. Tried two different varients (SUSE 10.0 & RH 4 AS) and both lock up if I use the '-f' option, no problem with '-f' when running on HP-UX. The problem occurs during a zone data reload, the parent forks off a child to answer requests while it reloads (what the -f does) then when it's done and tries to reap the child it goes into a spin-loop. Anybody else seen this, know of a solution other than the workaround of not using the '-f' … [View More]

2 1

Fw: Interesting Phishing Trick
by Kevin A. McGrail 08 Mar '06

08 Mar '06

A co-worker of mine just pointed this out to me today. He tested it in Thunderbird and I tested it in OE6. It warrants serious attention. Ignoring the munged part, this would trick a very savvy internet user that allows HTML email, clicks on a link and doesn't check the browser address line. Any input on rules or techniques to block this nasty fellow? Sincerely, KAM > I just received a phishing e-mail claiming to be from eBay. All of the > links LOOKED legit, including what … [View More]

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss