
Policy based spam filtering




Are we losing?

New bogus spammers are cropping up daily. I just received this.

It got past the filter, but the destination failed locally here
so I got a bounce copy. The content (only part of it here) is
disturbing to say the least.

Definitely put this guy in the spam database!

>Date: Fri, 14 Nov 1997 03:31:49 -0700
>From: Floodgate <taziu63@rema.co.at>
>Reply to: floodgate@t-1net.com
>To: taziu63@rema.co.at
>Subject: Bulk Email For Profit

[snip]

>We show you ALL the tricks all the mass e-mailers don't want you to 
>know... 
>Here are just a few features the GOLDRUSH STEALTH MASS MAILER offers to 
>you... 
>
>     *Forge the Header - Message ID - ISP's will Spin their wheels. 
>     *Add's a Bogus Authenticated Sender to the Header. 
>     *Add's a complete bogus Received From / Received By line with 
>      real time / date stamp and recipient to the Header. 

Yikes! They'll stop at nothing short of blatant fraud. There ought
to be an enforceable law...

What's even worse, delivery notification of the bounce back to the
sender failed with the following (so indeed, games are being played
with the headers):

...
This is a collection of reports about email delivery
process concerning a message you originated:

<smtp rema.co.at taziu63@rema.co.at 99>: ...\
        <<- MAIL From:<>
        ->> 500 You are not allowed to send email via this server (this 
is abnormal, investigate!)
...


The original didn't get slotted into postoffice/freezer, so I can't
examine the full headers. Odd that zmailer used "MAIL From:<>" though.

Cheers,
-Jim