Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

smail3-users: spam filters

0 views
Skip to first unread message

Matthias Watermann

unread,
Aug 19, 1997, 3:00:00 AM8/19/97
to

gr...@oriole.sbay.org wrote on 03.08.97 in article <Pine.LNX.3.96.97080...@calvin.oriole.sbay.org>:

> [...]
> One thing not on this topic that I noticed this morning: llv.com in
> their spamming now apparently searches your DNS for MX hosts and rather
> than attempting delivery directly, attempts delivery to the LEAST
> desireable MX first and then walks the list in reverse order. I got hit
> with several from them this morning that sneeked in through about the
> fourth MX up the list without ever attempting delivery at my primary MX.

Today I've got a SPAM =from= myself ...

>------------------------------- schnipp -------------------------------------
EMP: MATT...@OLN.COMLINK.APC.ORG
BET: Introducing GoldRush Stealth Mailer -- Plus 40 Million Prospects!
ABS: matt...@oln.comlink.apc.org (Don't mail me!)
EDA: 19970818223130W-5:00
ROT: oln.comlink.apc.org
MID: 1997021610...@bizproplus.com
LEN: 6823
ANTWORT-AN: do...@noreply.com
GATE: RFC1036/822 sonne.comlink.apc.org [UNIX/Connect v0.74b4MB06]
U-To: y...@yourplace.com
U-Received: from italy.it.earthlink.net ([204.250.46.18]) by mail.comlink.apc.org with smtp (Smail3.1.29.1 #12) id m0x0aXw-000Kf0C; Tue, 19 Aug 97 00:45 MET DST
U-Received: from mail.earthlink.net (1Cust26.max10.new-orleans.la.ms.uu.net [153.34.204.154]) by italy.it.earthlink.net (8.8.5/8.8.5) with SMTP id PAA25485; Mon, 18 Aug 1997 15:41:55 -0700 (PDT)
U-Received: from mail.bizproplus.com (alt1.bizproplus.com (208.911.32.104)) by bizproplus (8.8.5/8.6.5) with SMTP id GAA05223 for <y...@yourplace.com>; Mon, 18 Aug 1997 17:31:30 -0600 (EST)
U-Comments: Authenticated sender is <me@myplace>
U-X-UIDL: 2610431056a78aeb1b128fda426c9a5e

>------------------------------- schnapp -------------------------------------

This mail-header is not in RFC-format since I'm using another
protocoll but you may notice that the From-address (ABS) is the
same as the To-address (EMP). Did anyone see such a thing before?

Is this a new trick to avoid SPAM-filters? How could one handle
this?

--
Matthias


Greg A. Woods

unread,
Aug 19, 1997, 3:00:00 AM8/19/97
to

[ On Tue, August 19, 1997 at 10:34:00 (+0200), Matthias Watermann wrote: ]
> Subject: Re: smail3-users: spam filters

>
> Today I've got a SPAM =from= myself ...

If I follow the headers correctly you received it as follows:

Received: from italy.it.earthlink.net ([204.250.46.18])
by mail.comlink.apc.org
with smtp (Smail3.1.29.1 #12)
id m0x0aXw-000Kf0C; Tue, 19 Aug 97 00:45 MET DST

I currently block all mail from *.it.earthlink.net using TCP Wrappers.

I wish there were another way, but they currently permit any uu.net
dialup to send anything through their mailers.....

Received: from mail.earthlink.net (1Cust26.max10.new-orleans.la.ms.uu.net [153.34.204.154])
by italy.it.earthlink.net (8.8.5/8.8.5)
with SMTP
id PAA25485; Mon, 18 Aug 1997 15:41:55 -0700 (PDT)

--
Greg A. Woods

+1 416 443-1734 VE3TCP <gwo...@acm.org> <robohack!woods>
Planix, Inc. <wo...@planix.com>; Secrets of the Weird <wo...@weird.com>


0 new messages