As a job recruiter, I am intimately familiar with posting a job and then getting hammered with SPAM from companies and recruiting firms.
In the past 5 minutes, I've gotten two. One from BobAJobs-munged.com and one from http://ad1.geowebsv48a-munged.com/recruiting_service.html.
How would these type of spam's be viewed for addition to SURBL?
Regards, KAM
In an older episode (Tuesday 24 May 2005 21:55), Kevin A. McGrail wrote:
As a job recruiter, I am intimately familiar with posting a job and then getting hammered with SPAM from companies and recruiting firms.
In the past 5 minutes, I've gotten two. One from BobAJobs-munged.com and one from http://ad1.geowebsv48a-munged.com/recruiting_service.html.
How would these type of spam's be viewed for addition to SURBL?
There is a submission form at http://www.rulesemporium.com/cgi-bin/uribl.cgi
On Tuesday, May 24, 2005, 12:55:20 PM, Kevin McGrail wrote:
As a job recruiter, I am intimately familiar with posting a job and then getting hammered with SPAM from companies and recruiting firms.
In the past 5 minutes, I've gotten two. One from BobAJobs-munged.com and one from http://ad1.geowebsv48a-munged.com/recruiting_service.html.
How would these type of spam's be viewed for addition to SURBL?
Regards, KAM
I'm not sure they'd qualify. SURBLs are most appropriate for catching zombie-using spam gangs. Those are the ones that are probably the biggest spammers by message volume, and they're probably hardest to catch with RBLs or MTA blocklists due to their nearly-random and rapidly-changing sender IPs.
If the job spammers send from consistent IPs, then just block those sender IPs. If they use zombies to send, then probably we should list them.
So do they use zombies or fixed IPs to send from?
Jeff C. -- Don't harm innocent bystanders.
So do they use zombies or fixed IPs to send from?
Without researching, I would guess that they are legitimate business using their own resources or salespeople and do unethical solicitations.
What would you say from headers like this?
Received: from twm2005-dev.thoughtworthy.com ([10.10.10.31]) by dev.thoughtworthy.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 May 2005 17:21:13 -0400 Received: from sales (sales.anthemtechnologies.com [65.213.110.30]) by twm2005-dev.thoughtworthy.com (8.13.4/8.13.4) with SMTP id j4OLKKfc024063 for jobs@thoughtworthy.com; Tue, 24 May 2005 17:20:26 -0400 x-esmtp: 0 0 1 Message-ID: 1956350-220055224202319526@sales Errors-to: errors@anthemtechnologies.com Reply-To: "Shailaja" shailaja@anthemtechnologies.com From: "Shailaja" staffingservices@anthemtechnologies.com To: jobs@thoughtworthy.com Subject: Excellent Sr. Java certified with WSAD and .Net with BizTalk consultants available for your consulting projects Date: Tue, 24 May 2005 13:23:19 -0700 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_1956311245812426938202319526" X-Spam-Status: No, hits=2.0 required=6.5 tests=AWL,BAYES_00,EXCUSE_3,FB_REM_CAPS,HTML_MESSAGE, J_CHICKENPOX_31,J_CHICKENPOX_33,J_CHICKENPOX_36, J_CHICKENPOX_37,J_CHICKENPOX_43,J_CHICKENPOX_48, J_CHICKENPOX_73,MAILTO_SUBJ_REMOVE,MAILTO_TO_REMOVE, MIME_BOUND_NEXTPART,MIME_QP_LONG_LINE,OACYS_SINGLE, RM_rb_ANCHOR,RM_rb_BODY,RM_rb_BREAK,RM_rb_FONT,RM_rb_HTML, RM_rb_TITLE,RM_sl_LeadChar version=3.0.2 X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.000002 (2004-11-16) X-Scanned-By: MIMEDefang 2.51 on 10.10.10.31 Return-Path: staffingservices@anthemtechnologies.com X-OriginalArrivalTime: 24 May 2005 21:21:13.0623 (UTC) FILETIME=[8374BA70:01C560A6]
Regards, KAM
On Wednesday, May 25, 2005, 4:05:55 AM, Kevin McGrail wrote:
So do they use zombies or fixed IPs to send from?
Without researching, I would guess that they are legitimate business using their own resources or salespeople and do unethical solicitations.
What would you say from headers like this?
Received: from twm2005-dev.thoughtworthy.com ([10.10.10.31]) by dev.thoughtworthy.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 May 2005 17:21:13 -0400 Received: from sales (sales.anthemtechnologies.com [65.213.110.30]) by twm2005-dev.thoughtworthy.com (8.13.4/8.13.4) with SMTP id j4OLKKfc024063 for jobs@thoughtworthy.com; Tue, 24 May 2005 17:20:26 -0400
http://rbls.org/?q=65.213.110.30 comes up clean, so it's perhaps not a zombie.
(BTW my favorite rbl checker openrbl.org seems gone. :-( )
Looks like their own /25 from UUNet:
CustName: Anthem Technologies, Inc. Address: 1405 State Route 18 Address: Suite 106, 1st floor, phone room City: Old Bridge StateProv: NJ PostalCode: 08857 Country: US RegDate: 2003-05-22 Updated: 2003-05-22
NetRange: 65.213.110.0 - 65.213.110.127 CIDR: 65.213.110.0/25 NetName: UU-65-213-110-D6 NetHandle: NET-65-213-110-0-1 Parent: NET-65-192-0-0-1 NetType: Reassigned Comment: Addresses within this block are non-portable. RegDate: 2003-05-22 Updated: 2003-05-22
TechHandle: OA12-ARIN TechName: UUnet Technologies, Inc., Technologies TechPhone: +1-800-900-0241 TechEmail: help4u@mci.com
If they are spammers, they're stupid to spam from their own network. If you want to block them, there's a nice /25 to deny access from..... :-)
It's looking less and less like it belongs on SURBLs....
Jeff C. -- Don't harm innocent bystanders.
Give this a try:
It worked for me this morning.
Dan Zachary
(BTW my favorite rbl checker openrbl.org seems gone. :-( )
-
Jeff Chan -
Kevin A. McGrail -
Spam Admin -
wolfgang