[SURBL-Discuss] Yahoo Single-Link spam
Dan Mahoney, System Admin
danm at prime.gushi.org
Mon Mar 11 11:46:00 CET 2013
Hey all,
I'm getting a lot of single-link spam from Yahoo -- seems to be via
compromised accounts, mostly (as in, via an account that my address would
be in the addressbook of). It's coming through legitimately via the
Yahoo servers, with DKIM signatures intact and all. As the message body
is purely a link (at least, the text-plain portion is), this is an ideal
job for SURBL and pretty hard for most other content matching.
One such example (spaces added by me):
http://dark turn ip.com/sxduvb/dgemdczfcmc/lzuc.php
Yahoo seem to be absolutely braindead about spam reporting on these
compromised accounts. So much so that I wrote a blog about it:
http://gushi.livejournal.com/588829.html
I could easily create a SpamAssassin or Procmail rule to block these
messages, but I think it makes sense to make better use of this data.
I often report things that get through SpamAssassin to SpamCop, which I
understand feeds SURBL, but as SpamCop has to wait for me to go hit their
webpage, this introduces a lag that need not be present, ergo I'm happy to
feed traps directly from my system procmailrc -- where I have a couple
hundred friends-and-family domains.
Anyone interested?
-Dan
--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
More information about the Discuss
mailing list