Have any of you seen fewer spams? I don't see many these days.
Chris,
Overall, I'm getting less and less spam. I think that SURBL is getting better, some graymarketers are cleaning up their acts, and my rules-based filering is also improving.
However, a few days ago, I started getting slammed with mortgage spam using the following domains:
dalehaym.biz dalehay.biz daleqhay.biz damphenm.biz darbherm.biz darbhero.biz darbkher.biz rbkher.biz (& others)
An example spam is found here:
http://www.pvsys.com/recentspamsample.txt
In this example, the domain is:
darbherm.biz
...but darbherm.biz doesn't resolve to anything. However, usa.darbherm.biz DOES resolve. (Of course, you have to go to the actual URL to get to a substantive page... see actual e-mail).
(1) Could the fact that the baseline domain doesn't resolve have tricked us into thinking that these were no longer active?
(2) Also, in a not-quite-applicable but related thought, should we rethink the policies for removing "dead" domains out of SURBL if they STILL appear in spams. For example, suppose a virus sends out the same spam for a now defunct domain over and over again... shouldn't such a domain STILL be listed in SURBL?
Finally, maybe these particular domains I listed at the top of this message are not in SURBL because of having legit uses?
But I must say that this particular "series" of spam came all of a sudden and ferociously frequent. For example, a couple of my clients would be getting at least a couple of dozen of these SAME e-mails **per day** if I hadn't adjusted my rules based filter to screen these out. Clearly, this kind of behavior where the spam is sent repeatedly each day is NOT playing by the rules.
Rob McEwen