Discuss

discuss@lists.surbl.org

1 participants
1864 discussions

more possible FPs (2 OB, 4 WS and 2 DS)
by John Lundin 21 Aug '04

21 Aug '04

Eight possible FPs. These were taken from items reported as non-spam. The "nanas" number is raw matches on the domain from google groups. Use your own judgement... OB: www.mercenariesthegameMUNGED.com (nanas 0) mentioned in a lucasarts review OB: www.jmiequityMUNGED.com (nanas 0) mentioned in a Dow Jones newsletter The original wasn't caught by OB, but it shows up now. WS: Wireless.VentureReporterMUNGED.net (nanas 9) A stock newsletter. I checked back: it really had been subscribed to. WS: nmailerMUNGED.com (nanas 36) Design center newsletter. http://ellington.nmailerMUNGED.com/mailman/listinfo/dtgnews WS: www.imakenewsMUNGED.com (nanas 42) organization newsletter. http://www.imakenewsMUNGED.com/cabf/ (+ cleaned user tracking) imakenews makes me nervous... intrusive html. WS: ntcrMUNGED.us (nanas 43, some similar) Jupitermedia Web Events. (origin of mailing list -- appearance in unsubscribe disclaimer) (Site won't display for me, insufficiently motivated to find out why it said "Your Web browser must have cookies enabled" regardless.) And if anyone cares: DS: surveyhelp.harrispollonlineMUNGED.com (nanas 19) http://www.harrispollonlineMUNGED.com/sweeps.asp (sigh) yes, they subscribed to it. DS: www.winxpnewsMUNGED.com (nanas 42) http://www.winxpnewsMUNGED.com/issues.cfm Single reference in a tech newsletter... (I test for DS with a nominal score, so it doesn't bother me.) -- lundin(a)cavtel.net "By the time they had diminished from 50 to 8, the other dwarves began to suspect 'Hungry' ..."

1 0

RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** [lcngroup ](Job) Civil ProjectEngineer - Pleasanton, N. CA
by Chris Santerre 20 Aug '04

20 Aug '04

>-----Original Message----- >From: jm(a)jmason.org [mailto:jm@jmason.org] >Sent: Friday, August 20, 2004 5:00 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** >[lcngroup](Job) Civil ProjectEngineer - Pleasanton, N. CA > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > >Larry Rosenman writes: >> >>>> Why is cgt-consult.com on WS? >... >> I talked to the admin, and they had been hacked, and used as >a spam source. >> They've cleaned up the mess, and have secured the machine. > >?? hacked? I wouldn't be so sure. > >Based on the spam I got, it looks a lot more like they >scraped, or bought >a dirty list of scraped addresses. > >Here's one of my spamples, in full -- I've munged the address, >but believe >me, it's 100% spamtrap, appears only on web pages, and has >never opted in >for anything ever. ;) > >- --j. > *snip* Which is an exact copy of the ones reported on NANAS. Again I ask, hacked? A hacker broke in and sent spams promoting the site he just hacked? How nice of him. --Chris

2 1

RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** [lcngroup ](Job) Civil ProjectEngineer - Pleasanton, N. CA
by Chris Santerre 20 Aug '04

20 Aug '04

>-----Original Message----- >From: Larry Rosenman [mailto:ler@lerctr.org] >Sent: Friday, August 20, 2004 4:47 PM >To: 'SURBL Discussion list' >Subject: RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** >[lcngroup](Job) Civil ProjectEngineer - Pleasanton, N. CA > > >Larry Rosenman wrote: >> Justin Mason wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> Chris Santerre writes: >>>>> Why is cgt-consult.com on WS? >>>>> They are legit, and this is from a job posting list that is >>>>> MODERATED. >> >>> >>> A confirmed DSBL listing is a *big* deal BTW. I can also confirm >>> that I've received several spams from them. >> >> >> I've reported the post to the moderator, as well as the origin, to >> let them know. >> >> I generally trust this list, but with your input, I'll shut up now. >> >> LER > >I talked to the admin, and they had been hacked, and used as a >spam source. > >They've cleaned up the mess, and have secured the machine. > >Please consider white-listing them. They've submitted a >de-list request to >dsbl. > >LER Some blacklists show they have been an open relay since 2002. I'll go thru my traps, but the one I got was not that recent. This has been a problem from that IP for a long time. Stats on spamcop show report for 360+ days. They are just now finding out they were sending this. Hacked? I'm confused by that. Hacked would use the system to promote some other product. Hackers don't normaly send out spam to promote the website they hacked! "Oh we are sorry. A hacker got in and was sending spam promoting our company. We stopped him." Is that how the conversation went? I say no. Make that a NO! I think you got handed a bucketfull of listwash. --Chris

1 0

RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** [lcngroup ] (Job) Civil ProjectEngineer - Pleasanton, N. CA
by Chris Santerre 20 Aug '04

20 Aug '04

> >Why is cgt-consult.com on WS? > >They are legit, and this is from a job posting list that is MODERATED. > OK serious now Larry, I'm starting to doubt what you call legit! Did you even try looking at this? Spamcop has their IP listed. There are posts all over NANAS about these guys! Hell I think I even got one of these spams directly to me! A few of your reports of False Positves have raised my eyebrows, but this one sent me over! NJABL: Not Just Another Bogus List 187.10.200.63.dnsbl.njabl.org -> 127.0.0.4 spam source -- 1019963653 NETHER-RELAYS: nether.net Confirmed Open Relays 187.10.200.63.relays.nether.net -> 127.0.0.2 SPAMCOP: SpamCop Blocking List 187.10.200.63.bl.spamcop.net -> 127.0.0.2 Blocked - see http://www.spamcop.net/bl.shtml?63.200.10.187 DSBL: Distributed Server Boycott List 187.10.200.63.list.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?ip=63.200.10.187 DSBL-UNCONFIRMED: Distributed Server Boycott List 187.10.200.63.unconfirmed.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?ip=63.200.10.187 Please tell me the steps you take to determine something is "legit" and worth reporting to us? --Chris

4 6

[SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** [lcngroup] (Job) Civil Project Engineer - Pleasanton, N. CA
by Larry Rosenman 20 Aug '04

20 Aug '04

Naren wrote: > Spam detection software, running on the system "lerami.lerctr.org", > has identified this incoming email as possible spam. The original > message has been attached to this so you can view it (if it isn't > spam) or label similar future email. If you have any questions, see > ler(a)lerctr.org for details. > > Content preview: This is my direct client opening - Civil Project > Engineer - Pleasanton, N. CA Full time Permanent FTE position. My > client has immediate openings for 2 senior civil engineers with > strong technical abilities, experienced in land development > projects. We are looking for individuals who may not have the > experience of a Project Manager, but can independently evaluate, > select, and apply standard engineering techniques, procedures, and > criteria using judgment in making adaptations and modifications. > Ability to perform assignments designed to develop professional > work knowledge and abilities. Plan, schedule, conduct, or > coordinate detailed phases of technical work in portions of a major > project or in a total project of moderate scope. Provide assistance > to the Project Managers in preparing current status information for > internal reporting and for keeping client informed on progress. > Supervise or coordinate the work of drafters, technicians, and > others who assist in specific assignments. The assignments may > include one or more of the following: project design and > development for grading and utility systems from master planning > through construction, test of materials, preparation of > specifications, research investigations, report preparation, and > other activities requiring knowledge of principles and techniques > commonly employed in the specific area of assignments. Prepare > project specifications and cost estimates. [...] > > Content analysis details: (6.0 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' > 1.2 RCVD_NUMERIC_HELO Received: contains an IP address used for > HELO > 0.1 TW_CN BODY: Odd Letter Triples with CN > -1.1 BAYES_40 BODY: Bayesian spam probability is 20 to > 40% [score: 0.2312] > 1.7 RCVD_IN_RFC_IPWHOIS RBL: Sent via a relay in > ipwhois.rfc-ignorant.org [63.200.10.187 > has inaccurate or missing WHOIS] [data at > the RIR] > 3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org > > [<http://dsbl.org/listing?ip=63.200.10.187>] > 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in > bl.spamcop.net [Blocked - see > <http://www.spamcop.net/bl.shtml?63.200.10.187>] > 0.3 DNS_FROM_AHBL_RHSBL RBL: From: sender listed in dnsbl.ahbl.org > 1.8 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam > source [63.200.10.187 listed in > combined.njabl.org] > 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL > blocklist [URIs: cgt-consult.com] Why is cgt-consult.com on WS? They are legit, and this is from a job posting list that is MODERATED. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler(a)lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

1 0

FP in WS!
by Joseph Burford 20 Aug '04

20 Aug '04

Howdy guys, another FP for the WS guys to checkout. www.1shoppingcartMUNGED.com , appears to be list management for a valid list a customer has subscribed to. Full text with minimal modification is at: http://www.ntjl.net/surbl/20040819-ws-fp.txt Regards, Joseph

3 3

RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (7.4/5.0) ** Someone w ith the intials L Rmust be declared...
by Chris Santerre 20 Aug '04

20 Aug '04

>-----Original Message----- >From: Larry Rosenman [mailto:ler@lerctr.org] >Sent: Thursday, August 19, 2004 8:27 PM >To: discuss(a)lists.surbl.org >Subject: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (7.4/5.0) ** Someone >with the intials L Rmust be declared... > > >Publishers Clearing House wrote: *snip* >Why is PCH.COM on WS? Because they said I *might* be a winner! ;) J/K I didn't add them. --Chris

1 0

RE: [SURBL-Discuss] FP in WS!
by Chris Santerre 20 Aug '04

20 Aug '04

Nice find. So what happens if we subscribe again, and again, and again, and again, and again, and again, ......... :) --Chris >-----Original Message----- >From: Alex Broens [mailto:surbl@alexb.ch] >Sent: Friday, August 20, 2004 9:39 AM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] FP in WS! > > >in that msg: >----- > (This offer is for NON Subscribers ONLY! If you have >already subscribed, please do not subscribe again.) >-------scratching my head, wondering... UCE? whaddat?Alex:// >skeptical SURBL >newbiew home user //: >----- Original Message ----- >From: "Joseph Burford" <joseph.burford(a)gmail.com> >To: <discuss(a)lists.surbl.org> >Sent: Friday, August 20, 2004 11:31 AM >Subject: [SURBL-Discuss] FP in WS! > > >> Howdy guys, >> >> another FP for the WS guys to checkout. www.1shoppingcartMUNGED.com , >> appears to be list management for a valid list a customer has >> subscribed to. >> >> Full text with minimal modification is at: >> >> http://www.ntjl.net/surbl/20040819-ws-fp.txt >> >> Regards, >> >> Joseph >> _______________________________________________ >> Discuss mailing list >> Discuss(a)lists.surbl.org >> http://lists.surbl.org/mailman/listinfo/discuss >> > > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

1 0

RE: [SURBL-Discuss] More possible FPs
by Chris Santerre 20 Aug '04

20 Aug '04

Can't read russian: http://www.findaworkinnet.narod.ru/new.htm Lots of hits on NANAS for Narod.ru. But looks like the sites get taken down quick? Not sure if that is planned though. Russian ISPs aren't known for their fight against spam. And trafficzap.com appears in only a few NANAS posts. All of them also contain sitepronews.com. So there may be a connection there. --Chris >-----Original Message----- >From: Joseph Burford [mailto:joseph.burford@gmail.com] >Sent: Friday, August 20, 2004 6:10 AM >To: discuss(a)lists.surbl.org >Subject: [SURBL-Discuss] More possible FPs > > >When the WS team get a moment they may like to have a look at why >trafficMUNGEDzap.com and narMUNGEDod.ru are listed. > >Saw them both in a legit mailing today, although they may not actually >be legit in themselves :-) > >Plain text http://www.ntjl.net/surbl/20040820-ws-fp.txt >HTML http://www.ntjl.net/surbl/20040820-ws-fp.html > >Regards, > >Joseph >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

1 0

RE: [SURBL-Discuss] FP in WS!
by Chris Santerre 20 Aug '04

20 Aug '04

I didn't add, but: 1shoppingcart.com 1shoppingcart.net autocontactor.com marketerschoice.com unlimitedautoresponders.com wcpsecure.com webcontactpro.net all Robert Bell, a spammer. --Chris >-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Friday, August 20, 2004 6:36 AM >To: discuss(a)lists.surbl.org >Subject: Re: [SURBL-Discuss] FP in WS! > > >On Friday, August 20, 2004, 2:31:33 AM, Joseph Burford wrote: >> Howdy guys, > >> another FP for the WS guys to checkout. www.1shoppingcartMUNGED.com , >> appears to be list management for a valid list a customer has >> subscribed to. > >> Full text with minimal modification is at: > >> http://www.ntjl.net/surbl/20040819-ws-fp.txt > >OK I've whitelisted this domain. WS folks please see how it got >onto the list. > >Jeff C. > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss