spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: One-liner spams

Re: One-liner spams

From: <m_at_nospam>
Date: Tue Oct 12 2010 - 01:40:09 GMT
To: igor@chudov.com,"Spamassassin Mailing List" <users@spamassassin.apache.org>


Received: from [74.15.226.43] by web80505.mail.mud.yahoo.com via HTTP; Mon, 11 Oct 2010 11:06:16 PDT

The line above is probably giving you spammer's source IP (or http proxy --- some SP use trans. fwd. proxies).

Analyse that IP address and other similar spammers. If the region is not important blacklist the block in 74.15.226.43.

Or create a heuristic(s) that states: if mail is from Yahoo, contains a single line and from that IP block, then junk it. You'll need to test and make sure it doesn't have much FP.


------Original Message------
From: Igor Chudov
To: Spamassassin Mailing List
ReplyTo: igor@chudov.com
Subject: One-liner spams
Sent: Oct 11, 2010 10:12 PM

I receive plenty of one-liner spams from hacked webmail accounts,
advertising various fronts of a Chinese retailer of a certain famous
chemical compound that enables sinful behaviors for people who were
not capable physically.

Example of such an email is here:

http://igor.chudov.com/tmp/spam012.txt

I fully realize that these emails are difficult to trap, but, perhaps,
I am missing some innovations in the spamfighting field? Any idea how
I can kill them?

i



---
Mahmoud Khonji