Last visit was: Sat Jul 05, 2014 3:59 pm
It is currently Sat Jul 05, 2014 3:59 pm

Getting suddenly a lot of SPAM, see sample....

All times are UTC - 5 hours [ DST ]

 [ 1 post ] 
Author Message
 PostPosted: Thu May 29, 2014 2:45 am   
Getting started
User avatar

Joined: Wed Nov 03, 2010 11:47 pm
Posts: 45
Usually Spamassasin works OK (just ok, gmail filter is way better) but suddenly I get a lot of similar looking SPAM.

With similar I mean, email domain is usually the spamvertized URL. About 50% of those are *.EU domains.

Return-Path:    <[email protected]>
X-Spam-Checker-Version:    SpamAssassin 3.3.1 (2010-03-16) on ****@*************
X-Spam-Flag:    YES
X-Spam-Level:    ***
X-Spam-Status:    Yes, score=3.5 required=3.0 tests=BAYES_99,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.1
X-Spam-Report:    * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay * domain * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message
X-Original-To:    ****@*************
Delivered-To:    ****@*************
Received:    from ( []) by ****@************* (Postfix) with ESMTP id 5F0FB5050050 for <****@*************>; Thu, 29 May 2014 00:01:32 -0500 (CDT)
Received:    by (amavisd-new, port 1835) with ESMTP id 00F091AY87; for <****@*************>; Wed, 28 May 2014 22:01:28 -0700
Message-ID:    <[email protected]>
Subject:    [SPAM 3.5] Homeowners should not ignore this email!
To:    <****@*************>
From:    "Rates" <[email protected]>
Date:    Wed, 28 May 2014 22:01:28 -0700
Content-Language:    en-us
MIME-Version:    1.0
Content-Transfer-Encoding:    8bit
Content-Type:    multipart/alternative; boundary="__________MIMEboundary__________"
X-Spam-Prev-Subject:    Homeowners should not ignore this email!

Issue viewing our email ? Please browse here.

Homeowners should not ignore this email!


prospectus BURNED glimmer Redmond commented DESPATCHED distribuida Apr. NOWRAP SALLY
3114 orthodox arvato sieht luminaries glaube incorporated Matchen fecha espace dank
2FSAIR 7240 stockholders heb 5622 1f497d. netzero datum forwarding NOSHADE PODR JOBID
jrnl rai cdt purchased zendesk vragen FAKTURA 6899 // [rest deleted]

I just wonder about the sudden SPAM explosion.... I think I reported about 2-300 the last few days. URLs rarely repeat.

The URLs from the messages that I cleaned up this morning:

They look like all from the same source to me.

A list I from last night. About half of them had no SPAM score (Spamassassin). SPAM over a certain score gets automatically deleted)

It seems that:

• Every domain was registered on that day.
• Every domain is used only once.

 [ 1 post ] 

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: Google [Bot], Wayback machine and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008