Finally got around to running geturi 0.5 on some recent submitted FPs and ham. I have permission to forward the original messages if needed.
codefeed .com -0.2000 (1) gittigidiyor .com -0.2500 (1)
The first, from a java newsletter blog ref, has no NANAS hits. Created Feb '03. I can't read the language on the second, from a quoted sig in a MySQL newsletter, but it has one NANAS hit and was created in Feb '00. Probably not controversial.
destinationsite .com -3.0000 (1) ntcr .us -0.3333 (1)
These two are. Both are from a Jupitermedia Web Events newsletter. And yes, the guy who submitted it signed up for 'em. I already asked. Both with netcreations RPs. First registered Jan '98, second Nov '03, so they aren't fly-by-night. (Crawl by night?) destinationsite has seventy-eight widely varied NANAS hits, and their web page redirects to postmasterdirect .com, describing them as, "The most trusted source of 100% opt-in email customer acquisition solutions." ntcr .us has forty-three less varied NANAS hits, site unviewable with my browser. (I sent the latter in once before for a DS hit, but it's in WS now.)
And from personal email is a possibly worse pair... from a local linux UG newsletter that quotes a marketpro computer show flyer:
emailfactory .com and emf0 .com (apparently same folks), being used as a web bug and unsub address, respectively. 183 and 22 NANAS, created oct '98 and feb '03. "Precision opt-in email marketing tools."
Unfortunately, I know at least one other person who is (or was) subscribed to the mailing list for this show, which comes through here regularly. You choose if you want to hold your nose and remove 'em.
And that's it out of 4991 messages checked, after removal of FFP's.
Oh, yes, before I forget, a testimonial:
Earlier this year a friend and I jointly built three computers, one of which is the box I'm writing this on. He did price comparisons on components. And one of his messages on the topic was flagged as spam. I checked, and one vendor site had been flagged by ws.surbl.org. Naturally, I suggested that the vendor in question wasn't a good choice. We ordered elsewhere.
That correspondence just showed up in my corpora. Their site was still in WS, so I checked. Hmm. Web page down, what else? So I googled, and found that they were not merely spammy but had been fraudulent!
So surbl saved me grief even outside of the email filtering. :-) Another use for a wonderful tool.
John Lundin wrote to SURBL Discussion list:
Finally got around to running geturi 0.5 on some recent submitted FPs and ham.
Excellent!
I have permission to forward the original messages if needed.
codefeed .com -0.2000 (1)
Yes, personal site. Just guessing, but probably listed due to joe-jobbing someone's email address @codefeed .com.
gittigidiyor .com -0.2500 (1)
The first, from a java newsletter blog ref, has no NANAS hits. Created Feb '03. I can't read the language on the second, from a quoted sig in a MySQL newsletter, but it has one NANAS hit and was created in Feb '00. Probably not controversial.
It's Turkish, and I'd agree they do look legit. It *looks* like an auction site or something... so it could have been seen in spams similar to eBay auction spams that go around. (Come check out my auction! :-)
destinationsite .com -3.0000 (1) ntcr .us -0.3333 (1)
These two are. Both are from a Jupitermedia Web Events newsletter. And yes, the guy who submitted it signed up for 'em. I already asked. Both with netcreations RPs. First registered Jan '98, second Nov '03, so they aren't fly-by-night. (Crawl by night?) destinationsite has seventy-eight widely varied NANAS hits, and their web page redirects to postmasterdirect .com, describing them as, "The most trusted source of 100% opt-in email customer acquisition solutions." ntcr .us has forty-three less varied NANAS hits, site unviewable with my browser. (I sent the latter in once before for a DS hit, but it's in WS now.)
Sounds reasonable.
And from personal email is a possibly worse pair... from a local linux UG newsletter that quotes a marketpro computer show flyer:
emailfactory .com and emf0 .com (apparently same folks), being used as a web bug and unsub address, respectively. 183 and 22 NANAS, created oct '98 and feb '03. "Precision opt-in email marketing tools."
Unfortunately, I know at least one other person who is (or was) subscribed to the mailing list for this show, which comes through here regularly. You choose if you want to hold your nose and remove 'em.
Looks like they should indeed be removed from WS, but they might be good UC candidates if they do still send almost all spam.
And that's it out of 4991 messages checked, after removal of FFP's.
Good stuff!
- Ryan
On Thu, Sep 09, 2004 at 02:50:15PM -0600, Ryan Thompson wrote:
emailfactory .com and emf0 .com (apparently same folks), being [...]
Looks like they should indeed be removed from WS, but they might be good UC candidates if they do still send almost all spam.
Something I forgot to check on that last uri... the date.
My ham message with emailfactory .com was from March. (I don't expire my correspondance as fast and forgot to check when I threw 'em in.) So the problem may have solved itself. Of this batch, only emailfactory also showed up in my surviving spam folders. They definitely seem to have been used by spammers. The spam message in front of me was also sent in March, from seahag.emf1 .com (guess who) on behalf of Ovation Capital (ovationcap .com, "Getting Settlement or Annuity Payments? Need your cash now?") via broadcastemailservice .net (redirect to buyerfactory .com), all four of which are also in WS... but which have low and old NANAS hits. (?) They appear in a little ad at the end:
Drip Marketing Email Campaigns Work: <a href="http://emailfactoryMUNGED.com/forms/xxxxxxxxxxxx.html"> Find Out How Drip Marketing Email Campaigns Work</a>
Ryan, feel free to add 'em to UnClean if no one here produces more legitimate email using them. But it'd be better to have a recent one.
On Thursday, September 9, 2004, 1:50:15 PM, Ryan Thompson wrote:
John Lundin wrote to SURBL Discussion list:
Finally got around to running geturi 0.5 on some recent submitted FPs and ham.
Excellent!
I have permission to forward the original messages if needed.
codefeed .com -0.2000 (1)
Yes, personal site. Just guessing, but probably listed due to joe-jobbing someone's email address @codefeed .com.
gittigidiyor .com -0.2500 (1)
The first, from a java newsletter blog ref, has no NANAS hits. Created Feb '03. I can't read the language on the second, from a quoted sig in a MySQL newsletter, but it has one NANAS hit and was created in Feb '00. Probably not controversial.
It's Turkish, and I'd agree they do look legit. It *looks* like an auction site or something... so it could have been seen in spams similar to eBay auction spams that go around. (Come check out my auction! :-)
destinationsite .com -3.0000 (1) ntcr .us -0.3333 (1)
These two are. Both are from a Jupitermedia Web Events newsletter. And yes, the guy who submitted it signed up for 'em. I already asked. Both with netcreations RPs. First registered Jan '98, second Nov '03, so they aren't fly-by-night. (Crawl by night?) destinationsite has seventy-eight widely varied NANAS hits, and their web page redirects to postmasterdirect .com, describing them as, "The most trusted source of 100% opt-in email customer acquisition solutions." ntcr .us has forty-three less varied NANAS hits, site unviewable with my browser. (I sent the latter in once before for a DS hit, but it's in WS now.)
Sounds reasonable.
And from personal email is a possibly worse pair... from a local linux UG newsletter that quotes a marketpro computer show flyer:
emailfactory .com and emf0 .com (apparently same folks), being used as a web bug and unsub address, respectively. 183 and 22 NANAS, created oct '98 and feb '03. "Precision opt-in email marketing tools."
Unfortunately, I know at least one other person who is (or was) subscribed to the mailing list for this show, which comes through here regularly. You choose if you want to hold your nose and remove 'em.
Looks like they should indeed be removed from WS
Thanks for your research John and Ryan. I am holding my nose and whitelisting all of them.
Jeff C.
John Lundin wrote:
emailfactory .com and emf0 .com (apparently same folks), being used as a web bug and unsub address, respectively. 183 and 22 NANAS, created oct '98 and feb '03. "Precision opt-in email marketing tools."
emf1.com goes with those two. I've got emf0.com and emf1.com listed because of two spams sent to two spamtraps on Aug 25 and 28, 2004 originating from servers ice.emf0.com and bernard.emf1.com, advertising URLs with the emf0.com and emf1.com domains. Both domains were less than a year old, with the name server listed on SBL.
Whether or not we whitelist them for WS, they'll stay on my local blacklist :-)
Joe
On Thursday, September 9, 2004, 7:46:53 PM, Joe Wein wrote:
John Lundin wrote:
emailfactory .com and emf0 .com (apparently same folks), being used as a web bug and unsub address, respectively. 183 and 22 NANAS, created oct '98 and feb '03. "Precision opt-in email marketing tools."
emf1.com goes with those two. I've got emf0.com and emf1.com listed because of two spams sent to two spamtraps on Aug 25 and 28, 2004 originating from servers ice.emf0.com and bernard.emf1.com, advertising URLs with the emf0.com and emf1.com domains. Both domains were less than a year old, with the name server listed on SBL.
Whether or not we whitelist them for WS, they'll stay on my local blacklist :-)
Thanks Joe. I've whitelisted emf1.com also. It would be a lot easier if they were pure spammers so we could block them all.
Jeff C.
-
Jeff Chan -
Joe Wein -
John Lundin -
Ryan Thompson