Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - New Spam Trend
  FAQ FAQ  Forum Search   Register Register  Login Login

New Spam Trend

 Post Reply Post Reply
Author
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Topic: New Spam Trend
    Posted: 14 February 2004 at 6:14pm

Has anyone seen the same trend I have over the past 3-4 days?  I am seeing less keywords than usual and my No RDNS and MAPS are way up.  I use the following MAPS Servers:

dnsbl.sorbs.net
cbl.abuseat.org
dnsbl.njabl.org
sbl.spamhaus.org

Regards,

Dan S.

Back to Top
eric View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote eric Quote  Post ReplyReply Direct Link To This Post Posted: 15 February 2004 at 1:53pm

maybe spammers noticed microsoft fixed the http:// ... @ and the http://....: bug...

which makes their body unreadable, as plain txt....

i use now the xbl-sbl.spamhaus.org, it`s the rbl and exploit DB in one lookup,

works great, high hit rates.

 

-eric-

Back to Top
George View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote George Quote  Post ReplyReply Direct Link To This Post Posted: 15 February 2004 at 5:48pm

I have seen the same thing. Less keywords but I see more of: "557 You exceeded the maximum number of RCPT TO" then anything else. I wish I could not quarantine them with out turning quarantineing off completely. Mydoom and Max RCPT TO are this most common blocked emails during the last week on my network with RDNS and MAPS following and keywords. Since I block a lot of countries they are the most blocked source.

Back to Top
eric View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote eric Quote  Post ReplyReply Direct Link To This Post Posted: 16 February 2004 at 5:21am

i notice more encoded messages,

html>
body>
p><font color="#FFFFF1">OQ14 274Mb21 8h F2YEVK0 q225u sq22h6K2 X57pY3 nn312</font></p>
<A href="http://202.71.240.122:8888/index.htm"><IMG src="cid:Q8011pm28ifs6P2CoEu47Hi4Bx354g3V" border=0></A>
<p><font color="#FFFFF4">0qU h7t23n 54r2 5662 5hsOb FX14BJ43h bYn63 5R6 21tSIE 47586mn36 j7582X43 y1Bd</font></p>

like we use to hide our http://mailto: tags, in sites, spammers now use that same feature.

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.