procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: moron-spam from Cyberpromo (see these headers!)

1997-04-09 22:06:00
from [Tim] [Permanent Link] 
Below is the whole of the message.  Given recent discussion of filtering
out spam, I thought it was interesting that there are receieved headers
here that IDENTIFY it as coming through CYBERPROMO...


It's definitely a CyberPromo spam.


And what sort of moron would reply to such an obvious address verification
troll?  Duh!

So, to dump all mail coming from this new disservice, I should be able to
add the following recipe:

:0:
* ^Received:.*[^-a-z0-9]Cyber-Bomber([^-a-z0-9.]|$)
/dev/null


Actually, you can make it easier:

        :0
        * ^Received:.*cyberpromo\.com
        /dev/null

The latest CyberPromo spams I have been receiving all have 'ispam.net' and
'cyberpromo.com' (in the form of 'http://www.cyberpromo.com') in the
"Received:" headers.


Received: from sgiblab.sgi.com (sgiblab.SGI.COM [192.82.208.3])
    by professional.org (8.8.5/8.8.5) with SMTP id SAA11343;
    Wed, 9 Apr 1997 18:46:12 -0700 (PDT)
From: notes(_at_)savetrees(_dot_)com
Received: from ispam.net by sgiblab.sgi.com via ESMTP

(940816.SGI.8.6.9/911001.SGI)

    id SAA02579; Wed, 9 Apr 1997 18:45:56 -0700
Received: from Cyber Promotions' new "Cyber-Bomber" - Details at

http://www.cyberpromo.com

X-Shocking-Web-Page: Visit http://www.cyberpromo.com
X-Please-Note: THIS SERVER RELAYS MAIL FROM OTHER SOURCES ONLY!
X-Important: IF YOU RECEIVE ADULT ORIENTED MATERIAL THROUGH THIS SERVER
X-Important2: PLEASE NOTIFY CYBER PROMOTIONS IMMEDIATELY AT 215-628-9780.
To: notes(_at_)clearlight(_dot_)com
Subject: We Pay You
Reply-to: notes(_at_)savetrees(_dot_)com
Date: today
Comments: Authenticated sender is <notes(_at_)savetrees(_dot_)com>
Received: from savetrees.com (savetrees.com [000.000.000.000]) by

savetrees.com (0.0.0./0.0.0.) with SMTP id AAA000000 for
<notes(_at_)savetrees(_dot_)com>; Wed, 9 Apr 1997 19:31:59 -0500 (EST)

Message-Id: 0000000000(_dot_)AAA000(_at_)savetrees(_dot_)com
X-UIDL: 25615438356537613347166754346692


[snip]

Lates!
---------------------------------------------------------------------------
Tim <bodysurf(_at_)pobox(_dot_)com>                          
mailto:bodysurf(_at_)pobox(_dot_)com
Finger bodysurf(_at_)pobox(_dot_)com for my PGP public key (Bits 1024/KeyID 
09DA5C49).
PGP Key FPrint (09/03/94): 4C 97 F1 FA 70 55 68 91  49 D1 AD F2 DD 63 0C 15
---------------------> Please PGP encrypt your email <---------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: moron-spam from Cyberpromo (see these headers!), Scott Anguish
Next by Date:  Re: Anti spamming, Lars Kellogg-Stedman
Previous by Thread:  Re: moron-spam from Cyberpromo (see these headers!), Scott Anguish
Next by Thread:  Re: moron-spam from Cyberpromo (see these headers!), James L. McGill
Indexes:  [Date] [Thread] [Top] [All Lists]