On Thu, 15 Apr 2004, Greg Hewgill wrote:
> On Thu, Apr 15, 2004 at 07:30:43AM +0200, Lars Dybdahl wrote:
> > Are there any domain-name based blacklist systems out there?
> http://surbl.org looks interesting.
Perhaps, but it's trivially breakable by spammers.
Look what I got from spamcop a couple of days ago:
----------------------------------------------------------------------
[ SpamCop V1.3.4 ]
This message is brief for your comfort. Please use links below for details.
Spamvertised domain: http://pointless.net
http://www.spamcop.net/w3m?i=z888990810zf7c2a8ed850b951097ef9943a7868eddz
[ Offending message ]
Return-Path: evaluationsblustered(_at_)excite(_dot_)com
Delivery-Date: Mon Apr 12 15:08:07 2004
Return-Path: <evaluationsblustered(_at_)excite(_dot_)com>
Received: from mail.boartlongyear.com (mail.boartlongyear.com [12.10.131.248])
by connactivity.connactivity.com (8.12.10/8.12.10) with ESMTP id
i3CJ82OK046480
for <x>; Mon, 12 Apr 2004 15:08:07 -0400 (EDT)
Received: from acquiring ([200.72.146.19]) by mail.boartlongyear.com with
Microsoft SMTPSVC(6.0.3790.0);
Mon, 12 Apr 2004 13:07:50 -0600
From: "Mohammad Arca"<evaluationsblustered(_at_)excite(_dot_)com>
To: x
Subject: Do you want to p.leasure your partner every time?
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:
<BLAN___________________67aa(_at_)mail(_dot_)boartlongyear(_dot_)com>
X-OriginalArrivalTime: 12 Apr 2004 19:07:52.0235 (UTC)
FILETIME=[74218FB0:01C420C1]
Date: 12 Apr 2004 13:07:52 -0600
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on
connactivity.connactivity.com
<html><body >
<font color=#FF0033>we stand behind our pr0ducts and service. <br> in fact,
we're the first cOmpany t0 ever back a
p|harmaceutica1 prOduct with a 10O% m0ney back g~uarantee</font>
<p><font color=#FF0000><b>
<a href=http://experimented.sd4d55v.com/at>V'I'S'1'T Our S'I'T'E and
0'r'd'e'r h'e'r'e</a><br><br><br><br><br
<br><br><br><br><br><br><br><br><a href=http://pointless.net>`</a><p><a
href=http://meiosis.com>^</a></p><a href=h
ttp://mightier.org>*</a></b></font>
</P>
</BODY></HTML>
0
----------------------------------------------------------------------
The genuine spam url is this one:
<a href=http://experimented.sd4d55v.com/at>V'I'S'1'T Our S'I'T'E and
0'r'd'e'r h'e'r'e</a>
That link has plenty of text to click on, but the other 3 only have 1
punctuation mark:
<a href=http://pointless.net>`</a>
<a href=http://meiosis.com>^</a>
<a href=http://mightier.org>*</a>
This is URL joe-jobbing.
Interestingly meiosis.org as well as my site have SPF records; if I was
paranoid I might think this is pre-emptive revenge on the part of the
spammers.
OTOH mighter.org doesn't exist, so maybe it's just random dictionary words.
--
[http://pointless.net/] [0x2ECA0975]
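
A defensive sketch of the distinction drawn in the message above, added here as an example and not part of the original post: before link hosts are fed to a domain blacklist or an automated report, separate links that carry real clickable text from links whose anchor text is a single punctuation mark. The names `LinkCollector`, `classify_links` and the `MIN_VISIBLE` threshold are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Body trimmed from the spam quoted in the message above (constructed sample).
SAMPLE = (
    "<a href=http://experimented.sd4d55v.com/at>V'I'S'1'T Our S'I'T'E and "
    "0'r'd'e'r h'e'r'e</a><br><br><a href=http://pointless.net>`</a><p>"
    "<a href=http://meiosis.com>^</a></p><a href=http://mightier.org>*</a>"
)
MIN_VISIBLE = 3  # assumed threshold: fewer letters/digits means nothing to click on


class LinkCollector(HTMLParser):
    """Collect (host, anchor_text) for every <a href=...> in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.flush()  # tolerate a missing </a> before the next link
            self._href, self._text = dict(attrs).get("href"), []
        elif tag == "img" and self._href is not None:
            self._text.append("[img]")  # an image is a real click target

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a":
            self.flush()

    def flush(self):
        if self._href:
            host = urlsplit(self._href).hostname or ""
            self.links.append((host, "".join(self._text).strip()))
        self._href = None


def classify_links(html):
    """Return (hosts worth reporting, probable decoy hosts), in document order."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    parser.flush()  # pick up an anchor left open at end of input
    report, decoys = [], []
    for host, text in parser.links:
        visible = sum(ch.isalnum() for ch in text)
        (report if visible >= MIN_VISIBLE else decoys).append(host)
    return report, decoys
```

On the sample, only `experimented.sd4d55v.com` lands in the report list; the three single-character links are set aside as decoys for manual review.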