Jeff Chan wrote:
Only one report came through SpamCop.
Ugh. Maybe it's filtered on a "per account" or on a "per reporting IP" base.
The domain and IPs are not listed in any other RBLs.
One day later they certainly made it to some lists: wunsch-pen??.com (---4-21-): .multi.surbl.org
Just for fun I also spamcopped the next 19 samples manually, but at this time it already was on 4+2+1.
we could say that our tests are not sensitive enough
If you only got one hit from SC the "bug" or "feature" is on SC's side. Your "known CIDR" accelerator can't catch them all, they can simply hide in 217 or similar.
I went ahead and manually blacklisted it anyway, assuming it's spam.
Sure like hell it is, maybe the same gang as the "OEM" crap. And that could be their first smart move, send German spam to addresses in ccTLD de. But probably they just send it to any string with an "@". <sigh />
Bye, Frank