Clicky
Last visit was: Sat Jul 05, 2014 5:20 pm
It is currently Sat Jul 05, 2014 5:20 pm

Getting suddenly a lot of SPAM, see sample....


All times are UTC - 5 hours [ DST ]


 [ 1 post ] 
Author Message
 PostPosted: Thu May 29, 2014 2:45 am   
Getting started
User avatar

Joined: Wed Nov 03, 2010 11:47 pm
Posts: 45
Usually Spamassasin works OK (just ok, gmail filter is way better) but suddenly I get a lot of similar looking SPAM.

With similar I mean, email domain is usually the spamvertized URL. About 50% of those are *.EU domains.

Example:
Code:
Return-Path:    <[email protected]>
X-Spam-Checker-Version:    SpamAssassin 3.3.1 (2010-03-16) on ****@*************
X-Spam-Flag:    YES
X-Spam-Level:    ***
X-Spam-Status:    Yes, score=3.5 required=3.0 tests=BAYES_99,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.1
X-Spam-Report:    * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay * domain * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message
X-Original-To:    ****@*************
Delivered-To:    ****@*************
Received:    from mv4xe3b.happymanads.eu (mv4xe3b.happymanads.eu [23.95.13.76]) by ****@************* (Postfix) with ESMTP id 5F0FB5050050 for <****@*************>; Thu, 29 May 2014 00:01:32 -0500 (CDT)
Received:    by 00091a87.mv4xe3b.happymanads.eu (amavisd-new, port 1835) with ESMTP id 00F091AY87; for <****@*************>; Wed, 28 May 2014 22:01:28 -0700
Message-ID:    <[email protected]>
Subject:    [SPAM 3.5] Homeowners should not ignore this email!
To:    <****@*************>
From:    "Rates" <[email protected]>
Date:    Wed, 28 May 2014 22:01:28 -0700
Content-Language:    en-us
MIME-Version:    1.0
Content-Transfer-Encoding:    8bit
Content-Type:    multipart/alternative; boundary="__________MIMEboundary__________"
X-Spam-Prev-Subject:    Homeowners should not ignore this email!

Issue viewing our email ? Please browse here.

http://www.happymanads.eu/l/lt7KN8YGS47KY/48XIY392AU636ET595780SEQSP39212/qs/?

Homeowners should not ignore this email!

http://www.happymanads.eu/l/lt7CP83547XF/48QDM392VFL12FU595780TLERC3921052/qs/?

Removal

http://www.happymanads.eu/l/lb5R5INS47DW/48PIN392UK636NK5780UXAGL2105292/qs/?

prospectus BURNED glimmer Redmond commented DESPATCHED distribuida Apr. NOWRAP SALLY
3114 orthodox arvato sieht luminaries glaube incorporated Matchen fecha espace dank
2FSAIR 7240 stockholders heb 5622 1f497d. netzero datum forwarding NOSHADE PODR JOBID
jrnl rai cdt purchased zendesk vragen FAKTURA 6899 // [rest deleted]



I just wonder about the sudden SPAM explosion.... I think I reported about 2-300 the last few days. URLs rarely repeat.

Update:
The URLs from the messages that I cleaned up this morning:
alongops.com
amazingslimforowmen01.us
amigobug.com
businessawardsnow.com
enormouslet.com
falseauto.com
flxhosebogodeals-01.us
gelzip.com
geyfast.com
keepzz-smilez.eu
millikat.com
moburveg.com
mysticaljog.com
northhoney.com
noskin-marks.eu
ohchoirons.com
ozav.net
paxmot.com
prntter.eu
relidrat.com
scott6.eu
sidetew.com
smc-review-score1348.us
topfunnynews.eu
toppositivnews.eu
tunkenti.com
twafigure.com
windowofferspecial0121.us
yahyen.com

They look like all from the same source to me.

A list I from last night. About half of them had no SPAM score (Spamassassin). SPAM over a certain score gets automatically deleted)

It seems that:

• Every domain was registered on that day.
• Every domain is used only once.

24daysinnsmiles.eu
24happysunshines.in
77happydayfuns.eu
adenmim.com
adilnce.me.uk
adountil.com
advnc-vacum.eu
agaocean.com
agencynoteit.com
ayedressyon.com
bestsellsa1.us
cellnip.com
cudrib.com
dunheavy.com
ersvug.com
factenormous.com
fromgyp.com
gjdsfjhsa.me.uk
glentrue.com
gschjdgd.me.uk
housemoveof.com
imuerdfens.me
junebackground-check.us
lemontreee.eu
livez-well.eu
nanothy.com
nearroad.com
nixdecorated.com
ohocur.com
peescuermenck.me
retdow.com
roundte.com
seemonpent.com
syntheticnew.com
tichesseed.com
vldly.co.uk
ygdstuds.me.uk


Top
 Profile  
 [ 1 post ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Ahrefs, Wayback machine and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008