Usually SpamAssassin works OK (just OK; Gmail's filter is way better), but suddenly I get a lot of similar-looking SPAM.
By similar I mean the email domain is usually the spamvertized URL. About 50% of those are *.EU domains.
Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on ****@*************
X-Spam-Flag: YES
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.5 required=3.0 tests=BAYES_99,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.1
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
 *      [score: 1.0000]
 * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
 * -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
 *      domain
 * -0.0 SPF_PASS SPF: sender matches SPF record
 *  0.0 HTML_MESSAGE BODY: HTML included in message
X-Original-To: ****@*************
Delivered-To: ****@*************
Received: from mv4xe3b.happymanads.eu (mv4xe3b.happymanads.eu [23.95.13.76]) by ****@************* (Postfix) with ESMTP id 5F0FB5050050 for <****@*************>; Thu, 29 May 2014 00:01:32 -0500 (CDT)
Received: by 00091a87.mv4xe3b.happymanads.eu (amavisd-new, port 1835) with ESMTP id 00F091AY87; for <****@*************>; Wed, 28 May 2014 22:01:28 -0700
Message-ID: <[email protected]>
Subject: [SPAM 3.5] Homeowners should not ignore this email!
To: <****@*************>
From: "Rates" <[email protected]>
Date: Wed, 28 May 2014 22:01:28 -0700
Content-Language: en-us
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative; boundary="__________MIMEboundary__________"
X-Spam-Prev-Subject: Homeowners should not ignore this email!
Issue viewing our email ? Please browse here.
http://www.happymanads.eu/l/lt7KN8YGS47KY/48XIY392AU636ET595780SEQSP39212/qs/?
Homeowners should not ignore this email!
http://www.happymanads.eu/l/lt7CP83547XF/48QDM392VFL12FU595780TLERC3921052/qs/?
Removal
http://www.happymanads.eu/l/lb5R5INS47DW/48PIN392UK636NK5780UXAGL2105292/qs/?
prospectus BURNED glimmer Redmond commented DESPATCHED distribuida Apr. NOWRAP SALLY
3114 orthodox arvato sieht luminaries glaube incorporated Matchen fecha espace dank
2FSAIR 7240 stockholders heb 5622 1f497d. netzero datum forwarding NOSHADE PODR JOBID
jrnl rai cdt purchased zendesk vragen FAKTURA 6899 // [rest deleted]
I just wonder about the sudden SPAM explosion... I think I reported about 2-300 in the last few days. URLs rarely repeat.
They all look like they are from the same source to me.
A list I from last night. About half of them had no SPAM score (SpamAssassin). (SPAM over a certain score gets automatically deleted.)
• Every domain was registered on that day.
• Every domain is used only once.
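
Added example, not part of the original post: a small Python check for the pattern described above, where the sender domain and the delivering relay share a base domain with the links in the body. The sample message is constructed with placeholder `.example` names, and the two-label `base_domain` helper is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted above; every name is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mx1.spamvertized.example>
Received: from mx1.spamvertized.example (mx1.spamvertized.example [192.0.2.10])
\tby mail.recipient.example (Postfix) with ESMTP id ABC123
From: "Rates" <rates@mx1.spamvertized.example>
To: <user@recipient.example>
Subject: Homeowners should not ignore this email!
Content-Type: text/plain

Issue viewing our email ? Please browse here.
http://www.spamvertized.example/l/aaa/bbb/qs/?
Removal
http://www.spamvertized.example/l/ccc/ddd/qs/?
"""

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def base_domain(host):
    """Naive registrable domain: the last two labels. Assumption: adequate for
    .eu/.com, wrong for suffixes like .co.uk (use a public-suffix list there)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def sender_url_overlap(raw):
    """Return base domains that appear both as a sender identity
    (From, Return-Path, topmost Received relay) and as a link target in the body."""
    msg = message_from_string(raw)
    senders = set()
    for hdr in ("From", "Return-Path"):
        addr = parseaddr(msg.get(hdr, ""))[1]
        if "@" in addr:
            senders.add(base_domain(addr.rsplit("@", 1)[1]))
    # Only the topmost Received header was written by our own MTA, so only it is trusted.
    m = re.match(r"from\s+(\S+)", msg.get_all("Received", [""])[0])
    if m:
        senders.add(base_domain(m.group(1)))
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if not p.is_multipart())
    linked = {base_domain(h) for h in URL_HOST.findall(body)}
    return senders & linked
```

Legitimate senders also link to their own domain, so an overlap is only a weak signal on its own; it becomes useful when combined with the other observation in the post, that each domain was registered on the day it was used.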