Hi, I've manually "spamcopped" ten of these 60 minutes ago:
Submitted: Sun Nov 13 00:26:03 2005 GMT : ***SPAM*** KXndigung - Mahnung
1554220718 ( http://www.wunsch-pen??.com ) To: gatekeeper@eastgate.net.my 1554220710 ( http://www.wunsch-pen??.com ) To: m_ghaza@tm.net.my
(for "??" insert "is"). So far that doesn't show up in multi, is there a problem with SURBL's link to SC, or are 10 reports simply not enough ? Bye, Frank
On Saturday, November 12, 2005, 5:17:58 PM, Frank Ellermann wrote:
Hi, I've manually "spamcopped" ten of these 60 minutes ago:
Submitted: Sun Nov 13 00:26:03 2005 GMT : ***SPAM*** KXndigung - Mahnung
1554220718 ( http://www.wunsch-pen??.com ) To: gatekeeper@eastgate.net.my 1554220710 ( http://www.wunsch-pen??.com ) To: m_ghaza@tm.net.my
(for "??" insert "is"). So far that doesn't show up in multi, is there a problem with SURBL's link to SC, or are 10 reports simply not enough ? Bye, Frank
Only one report came through SpamCop. In some cases that would be enough, but this is the only domain to resolve into their netblocks and there was only one report. The domain and IPs are not listed in any other RBLs.
So we could say that our tests are not sensitive enough, or this is not appearing in enough spam, etc. I went ahead and manually blacklisted it anyway, assuming it's spam.
Jeff C. -- Don't harm innocent bystanders.
Jeff Chan wrote:
Only one report came through SpamCop.
Ugh. Maybe it's filtered on a "per account" or on a "per reporting IP" base.
The domain and IPs are not listed in any other RBLs.
One day later they certainly made it to some lists: wunsch-pen??.com (---4-21-): .multi.surbl.org
Just for fun I also spamcopped the next 19 samples manually, but at this time it already was on 4+2+1.
we could say that our tests are not sensitive enough
If you only got one hit from SC the "bug" or "feature" is on SC's side. Your "known CIDR" accelerator can't catch them all, they can simply hide in 217 or similar.
I went ahead and manually blacklisted it anyway, assuming it's spam.
Sure like hell it is, maybe the same gang as the "OEM" crap. And that could be their first smart move, send German spam to addresses in ccTLD de. But probably they just send it to any string with an "@". <sigh />
Bye, Frank