Discuss

discuss@lists.surbl.org

1862 discussions

[SURBL-Discuss] {Spam?} FW: ***SPAM*** (7.4/5.0) ** Someone with the intials L R must be declared...
by Larry Rosenman 20 Aug '04

20 Aug '04

Publishers Clearing House wrote: > Spam detection software, running on the system "lerami.lerctr.org", > has identified this incoming email as possible spam. The original > message has been attached to this so you can view it (if it isn't > spam) or label similar future email. If you have any questions, see > ler(a)lerctr.org for details. > > Content preview: Someone with the intials L R must be declared... > Lawrence Rosenman L R Lawrence Rosenman: [...] > > Content analysis details: (7.4 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 1.7 SARE_OEM_FAKE_YEAR BODY: SARE_OEM_FAKE_YEAR > 1.6 UNCLAIMED_MONEY BODY: People just leave money laying > around > 0.7 SARE_MONEYTERMS BODY: Talks about money in some way. > 0.1 HTML_80_90 BODY: Message is 80% to 90% HTML > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to > 60% [score: 0.5000] > 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size > 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME > parts > 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL > blocklist [URIs: pch.com] > > The original message was not completely plain text, and may be unsafe > to open with some email clients; in particular, it may contain a > virus, or confirm that your address can receive spam. If you wish to > view it, it may be safer to save it to a file and open it with an > editor. Why is PCH.COM on WS? They are (semi-)legit. LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler(a)lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

2 1

RE: survey-MUNGED.com (Was: Re: [SURBL-Discuss] {Spam?} FP in WS, OB)
by Chris Santerre 19 Aug '04

19 Aug '04

No hijack! Here was what his first post said: > 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL > blocklist [URIs: survey.com] > 4.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL > blocklist [URIs: messagingpipeline.com advancedippipeline.com > bizintelligencepipeline.com enterpriseappspipeline.com] Did you miss the survey part? ;) --Chris >-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Thursday, August 19, 2004 5:14 PM >To: SURBL Discuss >Subject: survey-MUNGED.com (Was: Re: [SURBL-Discuss] {Spam?} FP in >WS,OB) > > >On Thursday, August 19, 2004, 2:05:18 PM, Chris Santerre wrote: >> But what about survery-munged.com? I feel they are spammers. >But I'm open to >> discussion :) > >LOL! Nice hij@ck! > >I'm still waiting to hear whether they appear in any >legitimate messages. Does venteinc.com have any >legitimate customers? > >Jeff C. > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

2 1

Announcing the Spamtrappers list
by jm＠jmason.org 19 Aug '04

19 Aug '04

Hi all -- It occurred to me recently that maybe quite a lot of the innards of spamtrap systems are being kept more secret than they need to be, and a public mailing list for spamtrap operators would be well worthwhile. There's a number of things that would be improved through sharing our techniques, suggestions, possibly even data -- - new scaling mechanisms; - what to do with all that spam - where to report, ways to analyze it, etc.; - new protocols for dealing effectively with massive quantities of spam - for example, using SMTP to deliver spamtrap data is not necessarily required, since reliability isn't as important for spam forwarding as it is for ham, considering the volumes; - an "open source" approach to the problem; there's currently a lot of secrecy, and probably more than is really required (as long as we don't spill the beans on what domains and addresses we're collecting from). Being able to share thoughts can be very useful, esp. when someone notices some new spammer behaviour. The list info and subscription page is here: http://lists.taint.org/mailman/listinfo/spamtrappers/ --j.

1 0

RE: [SURBL-Discuss] {Spam?} FP in WS,OB
by Chris Santerre 19 Aug '04

19 Aug '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Thursday, August 19, 2004 4:46 PM >To: discuss(a)lists.surbl.org >Cc: postmaster(a)outblaze.com >Subject: Re: [SURBL-Discuss] {Spam?} FP in WS,OB > > >On Thursday, August 19, 2004, 1:21:52 PM, Larry Rosenman wrote: >> Storage Pipeline Newsletter wrote: >>> Spam detection software, running on the system "lerami.lerctr.org", >>> has identified this incoming email as possible spam. The original >>> message has been attached to this so you can view it (if it isn't >>> spam) or label similar future email. If you have any questions, see >>> ler(a)lerctr.org for details. >>> >>> Content preview: STORAGE PIPELINE NEWSLETTER >>> http://www.StoragePipeline.com/ Thursday, August 19, 2004 1. >>> Editor's Note 2. Only The Best Storage News 3. Special Report: >>> Microsoft's Next Storage Play 4. Storage Spotlight: >Hewlett-Packard >>> In Turmoil 5. Check Some Boxes, Win $500 6. Top Trend: Study Shows >>> Bright Future For Utility Computing 7. FUDBusters: Serial ATA >>> Storage Drives 8. Voting Booth: SMI-S Purchasing Plans 9. Discover >>> NAS Appliances In Product Finder 10. Check Out The >Storage Pipeline >>> Topic Centers - Storage Software - Storage Hardware - SAN/NAS - >>> Storage Services 11. Tell A Colleague About Storage Pipeline >>> Newsletter 12. Have You Discovered The Other Pipelines? 13. >>> Subscribe To The Storage Pipeline RSS Feed >>> 14. Change Your Subscription Options [...] >>> >>> Content analysis details: (8.3 points, 5.0 required) >>> >>> pts rule name description >>> ---- ---------------------- >>> -------------------------------------------------- >>> -0.4 BAYES_05 BODY: Bayesian spam probability >is 1 to 5% >>> [score: 0.0377] >>> 1.7 RCVD_IN_RFC_IPWHOIS RBL: Sent via a relay in >>> ipwhois.rfc-ignorant.org [$ has >>> inaccurate or missing WHOIS data at the] >>> [RIR] >>> 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL >>> blocklist [URIs: survey.com] >>> 4.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL >>> blocklist [URIs: messagingpipeline.com advancedippipeline.com >>> bizintelligencepipeline.com enterpriseappspipeline.com] > >> This is from the CMP storagepipline list. > >> Why are they on OB? And also WS? > >OB had: > >advancedippipeline.com >bizintelligencepipeline.com >enterpriseappspipeline.com >messagingpipeline.com > >I've whitelisted those all and also: > >storagepipeline.com > >All belong to CMP Media, a large and legitimate tech publisher. > >The domains do not appear in WS. > > >Outblaze, >Please consider not blocking on these also. > >Jeff C. But what about survery-munged.com? I feel they are spammers. But I'm open to discussion :) --Chris

2 1

{Spam?} FP in WS,OB
by Larry Rosenman 19 Aug '04

19 Aug '04

Storage Pipeline Newsletter wrote: > Spam detection software, running on the system "lerami.lerctr.org", > has identified this incoming email as possible spam. The original > message has been attached to this so you can view it (if it isn't > spam) or label similar future email. If you have any questions, see > ler(a)lerctr.org for details. > > Content preview: STORAGE PIPELINE NEWSLETTER > http://www.StoragePipeline.com/ Thursday, August 19, 2004 1. > Editor's Note 2. Only The Best Storage News 3. Special Report: > Microsoft's Next Storage Play 4. Storage Spotlight: Hewlett-Packard > In Turmoil 5. Check Some Boxes, Win $500 6. Top Trend: Study Shows > Bright Future For Utility Computing 7. FUDBusters: Serial ATA > Storage Drives 8. Voting Booth: SMI-S Purchasing Plans 9. Discover > NAS Appliances In Product Finder 10. Check Out The Storage Pipeline > Topic Centers - Storage Software - Storage Hardware - SAN/NAS - > Storage Services 11. Tell A Colleague About Storage Pipeline > Newsletter 12. Have You Discovered The Other Pipelines? 13. > Subscribe To The Storage Pipeline RSS Feed > 14. Change Your Subscription Options [...] > > Content analysis details: (8.3 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > -0.4 BAYES_05 BODY: Bayesian spam probability is 1 to 5% > [score: 0.0377] > 1.7 RCVD_IN_RFC_IPWHOIS RBL: Sent via a relay in > ipwhois.rfc-ignorant.org [$ has > inaccurate or missing WHOIS data at the] > [RIR] > 3.0 URIBL_WS_SURBL Contains a URL listed in the WS SURBL > blocklist [URIs: survey.com] > 4.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL > blocklist [URIs: messagingpipeline.com advancedippipeline.com > bizintelligencepipeline.com enterpriseappspipeline.com] This is from the CMP storagepipline list. Why are they on OB? And also WS? -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler(a)lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

2 1

ws.surbl.org entry lag
by Alex Broens 19 Aug '04

19 Aug '04

Jeff, Bill has mentioned that he updates the ws.surbl.org data every 15 minutes. how often/hour is this data loaded into the ws.surbl.org zone? Thanks Alex

2 2

Strange happenings...
by Bill Landry 19 Aug '04

19 Aug '04

Can anyone explain why this particular URI gets tagged by WS when none of the other URIs in the message (including several others from g.msn.com) get tagged: http://g.msn.MUNGEDcom/0NL34044/2531 Must be something about this particular URI string that causes the parser to handle it differently. If someone wants to see the message this URI came from, let me know and I'll send it to you. Bill

2 4

hat check
by Chris Santerre 18 Aug '04

18 Aug '04

With all this talk of spanking people for adding FPs, I'm not sure if I should be careful, or buy some beer and nachos and wait to be spanked ;) Anywho, I need a check on these guys: cwiservices.com Spank you very much, --Chris (The guy without AIM or ICQ!)

1 0

RE: [SURBL-Discuss] FP in ws.surbl.org domeus_REMOVE.com / domeus _REMOVE.es
by Chris Santerre 18 Aug '04

18 Aug '04

>-----Original Message----- >From: Mariano Absatz [mailto:el.baby@gmail.com] >Sent: Wednesday, August 18, 2004 2:00 AM >To: SURBL Discussion list >Subject: [SURBL-Discuss] FP in ws.surbl.org domeus_REMOVE.com / >domeus_REMOVE.es > > >Hi people, hi Bill... > >I just detected a FP in ws.surbl.org... and I was the one who >submitted the domains :-( > >It's 2 domains: domeus_REMOVE.com / domeus_REMOVE.es > >It seems to be some kind of public list server with little control >about what their users/customers subscribe. > >I'll look in my spamcan for the offending messages and will try to >contact them to see if they do something about those customers. > >But I got the FP from a message forwarded from a completely legit >mailing list, so I guess our policy should lead us to remove those >domains from the list. > >I'll see what I can do tomorrow... I'm finishing putting in production >MailScanner+SpamAssassin+SURBL in a mid-sized ISP... it's 3:00 AM, I >haven't slept a wink, I broke a leg last week and my Doctor insists on >opening it before this weekend to get the bone nailed in place... I >won't be able to walk on my feet for a month and a half :-( > >Regards. Bah! We get guys in hockey get injuries like that all the time. You will be back next season! They always come back! Muahahahahahahahah :) --Chris (Physical contact sport freak!)

1 0

RE: [SURBL-Discuss] Re: FP from WS
by Chris Santerre 18 Aug '04

18 Aug '04

Hell yeah! These didn't come from me or Steve! Oh that feels good to say! Of course, I haven't checked all my SURBL emails yet :) --Chris >-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Tuesday, August 17, 2004 9:19 PM >To: discuss(a)lists.surbl.org >Subject: [SURBL-Discuss] Re: FP from WS > > >On Tuesday, August 17, 2004, 4:33:21 PM, Larry Rosenman wrote: >> The following 2 URIs (and possibly a third) are FP's: > >> i-say-MUNGED.com >> Surveynetworks-MUNGED.com > >> And possibly >> Itracks-MUNGED.com > >> i-say-MUNGED is the IPSOS survey site, and seems legit, and >> surveynetworks-MUNGED >> Is a collection of them. > >> I'm not 100% certain of itracks-MUNGED, but please check. > >> These are all on WS. > >Thanks Larry, >I checked them a little and they all look at least >quasi-legitimate, so I whitelisted them all, plus some >related domains: > >itracks.com >ipsos-reid.com >i-say.com >venteinc.com >surveynetworks.com > >We need to ask the ws folks how these are getting in >and how we can stop them from doing so. > >Jeff C. > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

2 1

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss