At 09:08 PM 2/5/98 -0700, Felix Tilley wrote:
got past my procmail 3.10 recipe unless procmail is treating MAILER_DAEMON
Only if you're using rules to route those messages before filtering for spam.
It will not exist ever again.
And what gives you this idea? Once a domain has been soiled, nobody will
ever re-register it, or locate to new digs?
The t-1net was forged by the "Ballman", Dana
Jones in Texas, a former customer of t-1net.
And current owner of golfballsusa.com, among others (see below).
And here are the headers for the spam. What did I do wrong? This is a
potential major problem if the spammers can use MAILER_DAEMON to get
through the procmail filters.
I'm not having any troubles ditching this stuff. Use of MAILER_DAEMON
probably has a LOT more to do with suckering people into opening the
message to read it, though as someone else here pointed out, it could very
well be a workaround to some sendmail anti-spam rules.
BTW: I can't resolve 209.136.153.210, nor
can I traceroute it. It may be forged, or the spammer domain may have been
terminated.
You didn't look very hard: the 209.136.153 netblock is currently held by
"Golfballs Unlimited" (sound familiar - oh, heck, that's what they're
advertising in the spam, ain't it?)
GOLFBALLSUNLIMITEDUSA.COM
GOLFBALLSUSA.COM
NOTFALSE.COM
Networking provided by our favourite provider-scum: AGIS.NET
All they have to do is get a netblock and assign their spam server a
rotating IP address in that block - after the spam is sent and people try
to ping the originating server, they can't and assume the address is forged
- and if that is the case, why block the address, right?
Spammers seem to think the world is populated with morons. If they're
staying in business, there's apparently a sufficient number of morons to
make a living off of.
---
Please DO NOT carbon me on list replies. I'll get my copy from the list.
Sean B. Straw / Professional Software Engineering
Post Box 2395 / San Rafael, CA 94912-2395