Re: Blacklists

On Thu, 15 Apr 2004, Greg Hewgill wrote:

On Thu, Apr 15, 2004 at 07:30:43AM +0200, Lars Dybdahl wrote:

Are there any domain-name based blacklist systems out there?


http://surbl.org looks interesting.


Perhaps, but it's trivialy breakable by spammers.

Look what i got from spamcop a couple of days ago:

----------------------------------------------------------------------

[ SpamCop V1.3.4 ]
This message is brief for your comfort.  Please use links below for details.

Spamvertised domain: http://pointless.net
http://www.spamcop.net/w3m?i=z888990810zf7c2a8ed850b951097ef9943a7868eddz

[ Offending message ]
Return-Path: evaluationsblustered(_at_)excite(_dot_)com
Delivery-Date: Mon Apr 12 15:08:07 2004
Return-Path: <evaluationsblustered(_at_)excite(_dot_)com>
Received: from mail.boartlongyear.com (mail.boartlongyear.com [12.10.131.248])
        by connactivity.connactivity.com (8.12.10/8.12.10) with ESMTP id 
i3CJ82OK046480
        for <x>; Mon, 12 Apr 2004 15:08:07 -0400 (EDT)
Received: from acquiring ([200.72.146.19]) by mail.boartlongyear.com with 
Microsoft SMTPSVC(6.0.3790.0);
         Mon, 12 Apr 2004 13:07:50 -0600
From: "Mohammad Arca"<evaluationsblustered(_at_)excite(_dot_)com>
To: x
Subject: Do you want to p.leasure your partner every time?
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: 
<BLAN___________________67aa(_at_)mail(_dot_)boartlongyear(_dot_)com>
X-OriginalArrivalTime: 12 Apr 2004 19:07:52.0235 (UTC) 
FILETIME=[74218FB0:01C420C1]
Date: 12 Apr 2004 13:07:52 -0600
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on
        connactivity.connactivity.com

<html><body >
<font color=#FF0033>we stand behind our pr0ducts and service. <br> in fact, 
we're the first cOmpany t0 ever back a
p|harmaceutica1 prOduct with a 10O% m0ney back g~uarantee</font>
<p><font color=#FF0000><b>
 <a href=http://experimented.sd4d55v.com/at>V'I'S'1'T  Our  S'I'T'E  and  
0'r'd'e'r  h'e'r'e</a><br><br><br><br><br

<br><br><br><br><br><br><br><br><a href=http://pointless.net>`</a><p><a 
href=http://meiosis.com>^</a></p><a href=h

ttp://mightier.org>*</a></b></font>
</P>
</BODY></HTML>
0

----------------------------------------------------------------------

The genuine spam url is this one:

<a href=http://experimented.sd4d55v.com/at>V'I'S'1'T  Our  S'I'T'E  and 
0'r'd'e'r  h'e'r'e</a>

That link has plenty of text to click on, but the other 3 only have 1
punctuation mark:
<a href=http://pointless.net>`</a>
<a href=http://meiosis.com>^</a>
<a href=http://mightier.org>*</a>

This is url joe-jobbing.

Interestingly meiosis.org as well as my site have spf records, if i was
paranoid i might think this is pre-emptive revenge on the part of the
spammers.

OTOH mighter.org dosn't exist, so maybe it's just random dictonary words.

-- 
[http://pointless.net/]                                   [0x2ECA0975]

<Prev in Thread]	Current Thread	[Next in Thread>
Blacklists, Lars Dybdahl Re: Blacklists, Paul Howarth Re: Blacklists, Bill Landry Re: Blacklists, Greg Hewgill Re: Blacklists, Jasper Wallace <= SV: Blacklists, Lars Dybdahl Re: SV: Blacklists, David Woodhouse Re: SV: Blacklists, Dustin D. Trammell list of who's checking SPF, Meng Weng Wong Re: list of who's checking SPF, John A. Martin Re: Re: list of who's checking SPF, Kelson Vibber Re: list of who's checking SPF, David Woodhouse Re: list of who's checking SPF, Dustin D. Trammell Re: list of who's checking SPF, Wechsler Re: list of who's checking SPF, Dustin D. Trammell