On Friday, May 20, 2005, 6:51:26 PM, David Funk wrote:
On Wed, 18 May 2005, Jeff Chan wrote:
On Wednesday, May 18, 2005, 6:44:05 AM, Spam Admin wrote:
spam link.
http://www.kexmt.move.fresh-deals.net/go/g/31/2869/1/?3495564
Dan Zachary
Hi Dan, This is a recently registered domain (a couple weeks ago) but it doesn't seem to resolve into spaces that are known to be spammy. That may just mean spammers have moved into a new network space, etc.
However there are a number of odd things about this domain from the registration, to the host's registration, etc. And it doesn't seem to resolve currently.
Is anyone else seeing this in spams?
Jeff C.
Jeff, I've been getting spam containing that URL and other 'sisters' (such as "dealstoday.net").
They have major spam-sign hallmarks:
The payload is a few lines of HTML that reference images with the ad "message" and then massive amounts of "Bayes poison" hidden by HTML comments or CSS tricks (style="visibility:hidden"), bogus HTML (large amounts of text after the closing </HTML> tag), as well as being sent to stale local addresses.
Examples available upon request. ;)
A good way to get these listed is to use SpamCop and/or report them on the SURBL checker page:
http://www.spamcop.net/ http://www.rulesemporium.com/cgi-bin/uribl.cgi
That helps get people and programs checking them.
This suggestion is for Dan Zachary too. :-)
OTOH, it's good to hear about FNs (false negatives - missed spams) so we can research them to find ways to include them. Note that we want examples that are 100% spammy, ideally owned by criminal spam gangs.
Jeff C. -- Don't harm innocent bystanders.