Lot of unmarked spam - SpamAssassin


Thread: Lot of unmarked spam

  1. Lot of unmarked spam

    We are getting a lot of unmarked spam. The header is as follows:

    From: Feed Blaster
    To: xyz@oursite.ac.uk
    Subject: Feed Blaster puts your ad right to the screens of millions in
    15 Minutes !
    Date: 26 May 2008 21:42:41 -0700
    Message-ID: <20080526214241.C662D255EBE48B5A@from.header.has.no.domain>

    And the message contains:


    More and more people are subscribing to feeds every
    day and there are millions who are already subscribed.

    Thus, your ad will reach a very broad range of potential customers with
    each use of Feed Blaster!

    Feed Blaster is the first & only submitter that can submit your
    ads to thousands of feeds within a few minutes!

    Post your ads where people read them!

    - What if you could place your ad into all these feeds ?

    Right, that would mean you would have millions of sites
    linking to your ad - and millions of users reading your message within
    minutes - and my idea actually works


    For Full details please read the attached .html file
    Usually two html files are attached.

    Are we the only ones who are seeing this kind of spam? If not, is there
    any rule that can be applied to stop this kind of spam?


    Sujit Choudhury
    ISLS
    University of Westminster

    This e-mail and its attachments are intended for the above named only
    and may be confidential. If they have come to you in error you must not
    copy or show them to anyone, nor should you take any action based on
    them, other than to notify the error by replying to the sender.




    --
    The University of Westminster is a charity and a company limited by
    guarantee. Registration number: 977818 England. Registered Office:
    309 Regent Street, London W1B 2UW, UK.


  2. Re: Lot of unmarked spam


    On Thu, 2008-05-29 at 11:52 +0100, Sujit Acharyya-Choudhury wrote:
    > We are getting a lot of unmarked spam. The header is as follows:
    >
    > From: Feed Blaster
    > To: xyz@oursite.ac.uk
    > Subject: Feed Blaster puts your ad right to the screens of millions in
    > 15 Minutes !
    > Date: 26 May 2008 21:42:41 -0700
    > Message-ID: <20080526214241.C662D255EBE48B5A@from.header.has.no.domain>
    >


    These are just a few visible headers.
    See the whole headers. Some email clients (typically Micro$$oft
    Outlook/OWA) do let you see headers easily, you will have to juggle a
    lot to get the headers.


    Post the *full* mail on some pastebin, we could run tests against it
    and tell you what scores you might get.


  3. RE: Lot of unmarked spam

    As requested full header is as follows:


    Microsoft Mail Internet Headers Version 2.0
    Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
    isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
    SMTPSVC(6.0.3790.3959);
    Tue, 27 May 2008 05:42:34 +0100
    Received: from [124.236.241.119] (helo=gmail.com)
    by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
    (envelope-from )
    id 1K0r17-0005Sm-8b
    for myname@wmin.ac.uk; Tue, 27 May 2008 05:42:34 +0100
    Reply-To: vjmgprograms@gmail.com
    From: Feed Blaster
    To: myname@westminster.ac.uk
    Subject: Feed Blaster puts your ad right to the screens of millions in
    15 Minutes !
    Date: 26 May 2008 21:42:41 -0700
    Message-ID: <20080526214241.C662D255EBE48B5A@from.header.has.no.domain>
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0012_DAA36BB7.FAA31CFA"
    Return-Path: vjmgprograms@gmail.com
    X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
    FILETIME=[14BC6A90:01C8BFB4]

    ------=_NextPart_000_0012_DAA36BB7.FAA31CFA
    Content-Type: text/plain
    Content-Transfer-Encoding: 8bit

    ------=_NextPart_000_0012_DAA36BB7.FAA31CFA
    Content-Type: text/html; name="Full_Details.htm"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="Full_Details.htm"

    ------=_NextPart_000_0012_DAA36BB7.FAA31CFA
    Content-Type: text/html; name="Unsubscribe.htm"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="Unsubscribe.htm"


    ------=_NextPart_000_0012_DAA36BB7.FAA31CFA--



    Sujit Choudhury
    ISLS
    University of Westminster



  4. RE: Lot of unmarked spam

    On Thu, May 29, 2008 15:15, Sujit Acharyya-Choudhury wrote:
    > As requested full header is as follows:
    >
    >
    > Microsoft Mail Internet Headers Version 2.0
    > Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
    > isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
    > SMTPSVC(6.0.3790.3959);
    > Tue, 27 May 2008 05:42:34 +0100
    > Received: from [124.236.241.119] (helo=gmail.com)
    > by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
    > (envelope-from )
    > id 1K0r17-0005Sm-8b
    > for myname@wmin.ac.uk; Tue, 27 May 2008 05:42:34 +0100
    > Reply-To: vjmgprograms@gmail.com
    > From: Feed Blaster
    > To: myname@westminster.ac.uk
    > Subject: Feed Blaster puts your ad right to the screens of millions in 15
    > Minutes !
    > Date: 26 May 2008 21:42:41 -0700
    > Message-ID: <20080526214241.C662D255EBE48B5A@from.header.has.no.domain>
    > MIME-Version: 1.0
    > Content-Type: multipart/mixed;
    > boundary="----=_NextPart_000_0012_DAA36BB7.FAA31CFA"
    > Return-Path: vjmgprograms@gmail.com
    > X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
    > FILETIME=[14BC6A90:01C8BFB4]


    envelope seems to come from gmail.com so spf can reject this spam since it's
    not sent from gmail servers

    http://www.openspf.org/Why?s=mfrom&i...tminster.ac.uk


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098


  5. Re: Lot of unmarked spam

    > On Thu, May 29, 2008 15:15, Sujit Acharyya-Choudhury wrote:
    > > As requested full header is as follows:
    > >
    > >
    > > Microsoft Mail Internet Headers Version 2.0
    > > Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by
    > > isls-exch-be-1.intranet.wmin.ac.uk with Microsoft
    > > SMTPSVC(6.0.3790.3959);
    > > Tue, 27 May 2008 05:42:34 +0100
    > > Received: from [124.236.241.119] (helo=gmail.com)
    > > by isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)
    > > (envelope-from )
    > > id 1K0r17-0005Sm-8b
    > > for myname@wmin.ac.uk; Tue, 27 May 2008 05:42:34 +0100
    > > Reply-To: vjmgprograms@gmail.com
    > > From: Feed Blaster
    > > To: myname@westminster.ac.uk
    > > Subject: Feed Blaster puts your ad right to the screens of millions in 15
    > > Minutes !
    > > Date: 26 May 2008 21:42:41 -0700
    > > Message-ID: <20080526214241.C662D255EBE48B5A@from.header.has.no.domain>
    > > MIME-Version: 1.0
    > > Content-Type: multipart/mixed;
    > > boundary="----=_NextPart_000_0012_DAA36BB7.FAA31CFA"
    > > Return-Path: vjmgprograms@gmail.com
    > > X-OriginalArrivalTime: 27 May 2008 04:42:34.0297 (UTC)
    > > FILETIME=[14BC6A90:01C8BFB4]


    On 29.05.08 15:39, Benny Pedersen wrote:
    > envelope seems to come from gmail.com so spf can reject this spam since it's
    > not sent from gmail servers
    >
    > http://www.openspf.org/Why?s=mfrom&i...tminster.ac.uk


    which means you should turn on SPF control, and I recommend even DKIM and
    other network rules (razor, pyzor, uribl and DCC if you can)
    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    Nothing is fool-proof to a talented fool.


  6. Re: Lot of unmarked spam

    > We are getting a lot of unmarked spam. The header is as follows:
    >
    > From: Feed Blaster
    > To: xyz@oursite.ac.uk
    > Subject: Feed Blaster puts your ad right to the screens of millions in
    > 15 Minutes !
    > Date: 26 May 2008 21:42:41 -0700
    > Message-ID: <20080526214241.C662D255EBE48B5A@from.header.has.no.domain>




    Reject if the From field has no @ in it. That knocked out the
    one (1) of these that we saw here yesterday.

    Joseph Brennan
    Columbia University Information Technology


  7. Re: Lot of unmarked spam


    On Thu, May 29, 2008 21:52, Joseph Brennan wrote:

    > Reject if the From field has no @ in it. That knocked out the
    > one (1) of these that we saw here yesterday.


    the from was not envelope sender, but yes one could make a header rule for
    this in spamassassin :-)

    postfix can't see the From: in header test


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098
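
The two checks suggested in this thread (a From: header with no "@", and an envelope domain whose SPF policy does not cover the connecting relay) can be tried offline against the headers posted above. This is an added example, not code from any poster or from SpamAssassin; the function names are hypothetical and `SAMPLE_SPF` is a constructed stand-in policy using documentation address ranges, not gmail.com's published record.

```python
import ipaddress
import re
from email import message_from_string

# Headers as posted in the thread; the envelope-from value is blank on the page.
RAW = (
    "Received: from [124.236.241.119] (helo=gmail.com)\n"
    "\tby isls-mx20.wmin.ac.uk with esmtp (Exim 4.60)\n"
    "\t(envelope-from )\n"
    "\tid 1K0r17-0005Sm-8b\n"
    "\tfor myname@wmin.ac.uk; Tue, 27 May 2008 05:42:34 +0100\n"
    "Reply-To: vjmgprograms@gmail.com\n"
    "From: Feed Blaster\n"
    "To: myname@westminster.ac.uk\n"
    "Return-Path: vjmgprograms@gmail.com\n\n"
)
# Constructed stand-in policy (documentation ranges), NOT gmail.com's real record.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def from_has_address(msg):
    """The header test from the thread: does From: contain an '@' at all?"""
    return "@" in (msg.get("From") or "")

def relay_ip_and_helo(msg):
    """Pull the connecting IP and HELO name from an Exim-style Received line."""
    m = re.search(r"from \[([0-9a-fA-F.:]+)\] \(helo=([^)]+)\)", msg.get("Received", ""))
    return (m.group(1), m.group(2)) if m else (None, None)

def envelope_domain(msg):
    """Domain of the envelope sender as recorded in Return-Path."""
    return msg.get("Return-Path", "").strip("<> ").rpartition("@")[2].lower()

def spf_result(ip, record):
    """Evaluate only ip4/ip6/all terms; include, a, mx etc. need DNS and are skipped."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6") and addr in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qual]
    return "neutral"  # no term matched

def triage(raw=RAW, record=SAMPLE_SPF):
    msg = message_from_string(raw)
    ip, helo = relay_ip_and_helo(msg)
    return {"from_has_address": from_has_address(msg), "relay_ip": ip, "helo": helo,
            "envelope_domain": envelope_domain(msg), "spf": spf_result(ip, record)}

if __name__ == "__main__":
    print(triage())
```

A real deployment would fetch the sender domain's published SPF record over DNS and let the MTA or SpamAssassin's SPF plugin do the evaluation; the sketch only shows why both checks fire on this message.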

