Usually Spamassasin works OK (just ok, gmail filter is way better) but suddenly I get a lot of similar looking SPAM.
With similar I mean, email domain is usually the spamvertized URL. About 50% of those are *.EU domains.
Example:
Code:
Return-Path: <Rates@happymanads.eu>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on ****@*************
X-Spam-Flag: YES
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.5 required=3.0 tests=BAYES_99,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.1
X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay * domain * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message
X-Original-To: ****@*************
Delivered-To: ****@*************
Received: from mv4xe3b.happymanads.eu (mv4xe3b.happymanads.eu [23.95.13.76]) by ****@************* (Postfix) with ESMTP id 5F0FB5050050 for <****@*************>; Thu, 29 May 2014 00:01:32 -0500 (CDT)
Received: by 00091a87.mv4xe3b.happymanads.eu (amavisd-new, port 1835) with ESMTP id 00F091AY87; for <****@*************>; Wed, 28 May 2014 22:01:28 -0700
Message-ID: <8351745957808354847392636@mv4xe3b.happymanads.eu>
Subject: [SPAM 3.5] Homeowners should not ignore this email!
To: <****@*************>
From: "Rates" <Rates@happymanads.eu>
Date: Wed, 28 May 2014 22:01:28 -0700
Content-Language: en-us
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative; boundary="__________MIMEboundary__________"
X-Spam-Prev-Subject: Homeowners should not ignore this email!
Issue viewing our email ? Please browse here.
http://www.happymanads.eu/l/lt7KN8YGS47KY/48XIY392AU636ET595780SEQSP39212/qs/?
Homeowners should not ignore this email!
http://www.happymanads.eu/l/lt7CP83547XF/48QDM392VFL12FU595780TLERC3921052/qs/?
Removal
http://www.happymanads.eu/l/lb5R5INS47DW/48PIN392UK636NK5780UXAGL2105292/qs/?
prospectus BURNED glimmer Redmond commented DESPATCHED distribuida Apr. NOWRAP SALLY
3114 orthodox arvato sieht luminaries glaube incorporated Matchen fecha espace dank
2FSAIR 7240 stockholders heb 5622 1f497d. netzero datum forwarding NOSHADE PODR JOBID
jrnl rai cdt purchased zendesk vragen FAKTURA 6899 // [rest deleted]
I just wonder about the sudden SPAM explosion.... I think I reported about 2-300 the last few days. URLs rarely repeat.
Update:
The URLs from the messages that I cleaned up this morning:
alongops.com
amazingslimforowmen01.us
amigobug.com
businessawardsnow.com
enormouslet.com
falseauto.com
flxhosebogodeals-01.us
gelzip.com
geyfast.com
keepzz-smilez.eu
millikat.com
moburveg.com
mysticaljog.com
northhoney.com
noskin-marks.eu
ohchoirons.com
ozav.net
paxmot.com
prntter.eu
relidrat.com
scott6.eu
sidetew.com
smc-review-score1348.us
topfunnynews.eu
toppositivnews.eu
tunkenti.com
twafigure.com
windowofferspecial0121.us
yahyen.com
They look like all from the same source to me.
A list I from last night. About half of them had no SPAM score (Spamassassin). SPAM over a certain score gets automatically deleted)
It seems that:
• Every domain was registered on that day.
• Every domain is used only once.
24daysinnsmiles.eu
24happysunshines.in
77happydayfuns.eu
adenmim.com
adilnce.me.uk
adountil.com
advnc-vacum.eu
agaocean.com
agencynoteit.com
ayedressyon.com
bestsellsa1.us
cellnip.com
cudrib.com
dunheavy.com
ersvug.com
factenormous.com
fromgyp.com
gjdsfjhsa.me.uk
glentrue.com
gschjdgd.me.uk
housemoveof.com
imuerdfens.me
junebackground-check.us
lemontreee.eu
livez-well.eu
nanothy.com
nearroad.com
nixdecorated.com
ohocur.com
peescuermenck.me
retdow.com
roundte.com
seemonpent.com
syntheticnew.com
tichesseed.com
vldly.co.uk
ygdstuds.me.uk
Posted: Thu May 29, 2014 2:45 am 
