spamassassin-users October 2010 archive

Re: One-liner spams

From: Igor Chudov <igor_at_nospam>
Date: Tue Oct 12 2010 - 01:59:26 GMT
To: m@khonji.org

On Tue, Oct 12, 2010 at 01:40:09AM +0000, m@khonji.org wrote:
>
> Received: from [74.15.226.43] by web80505.mail.mud.yahoo.com via
> HTTP; Mon, 11 Oct 2010 11:06:16 PDT

This is Bell Canada, unremarkable.

>
> The line above is probably giving you the spammer's source IP (or HTTP
> proxy --- some SP use trans. fwd. proxies).
>
> Analyse that IP address and other similar spammers. If the region is
> not important, blacklist the block in 74.15.226.43.

They do it from hacked computers.

> Or create a heuristic(s) that states: if mail is from Yahoo,
> contains a single line and is from that IP block, then junk it. You'll
> need to test and make sure it doesn't have much FP.

It comes from gmail too, and I am sure from many originating
IPs. GMail does not report originating IP.

i

>
> ------Original Message------
> From: Igor Chudov
> To: Spamassassin Mailing List
> ReplyTo: igor@chudov.com
> Subject: One-liner spams
> Sent: Oct 11, 2010 10:12 PM
>
> I receive plenty of one-liner spams from hacked webmail accounts,
> advertising various fronts of a Chinese retailer of a certain famous
> chemical compound that enables sinful behaviors for people who were
> not capable physically.
>
> Example of such an email is here:
>
> http://igor.chudov.com/tmp/spam012.txt
>
> I fully realize that these emails are difficult to trap, but, perhaps,
> I am missing some innovations in the spamfighting field? Any idea how
> I can kill them?
>
> i
>
>
>
> ---
> Mahmoud Khonji
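
The heuristic proposed in the quoted message (Yahoo webmail origin, one-line body, listed IP block), as an added example that is not code from either poster or from SpamAssassin. The /24 network and the sample message are constructed assumptions; the thread names only the single address 74.15.226.43. As the reply points out, mail sent through Gmail carries no originating IP, so this check covers only the Yahoo case.

```python
import email
import ipaddress
import re

# Assumption: the thread gives one address; the surrounding /24 is constructed here.
SUSPECT_BLOCKS = [ipaddress.ip_network("74.15.226.0/24")]

# Yahoo webmail logs the submitting client as "from [IP] by <host>.yahoo.com via HTTP".
YAHOO_HTTP = re.compile(
    r"from \[(\d{1,3}(?:\.\d{1,3}){3})\] by \S+\.yahoo\.com via HTTP", re.I)

def yahoo_origin_ip(msg):
    """Return the client IP from a Yahoo 'via HTTP' Received header, or None."""
    for received in msg.get_all("Received", []):
        m = YAHOO_HTTP.search(" ".join(received.split()))  # unfold the header
        if m:
            try:
                return ipaddress.ip_address(m.group(1))
            except ValueError:  # e.g. an octet above 255
                return None
    return None

def body_line_count(msg):
    """Count non-blank lines in the first text/plain part."""
    part = msg
    if msg.is_multipart():
        part = next((p for p in msg.walk()
                     if p.get_content_type() == "text/plain"), None)
        if part is None:
            return 0
    payload = part.get_payload(decode=True) or b""
    try:
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
    except LookupError:  # unknown charset label
        text = payload.decode("utf-8", "replace")
    return sum(1 for line in text.splitlines() if line.strip())

def is_one_liner_candidate(raw):
    """True only when all three conditions of the heuristic hold."""
    msg = email.message_from_string(raw)
    ip = yahoo_origin_ip(msg)
    return (ip is not None and any(ip in net for net in SUSPECT_BLOCKS)
            and body_line_count(msg) == 1)

# Constructed sample; the Received header follows the form quoted in the thread.
SAMPLE = ("Received: from [74.15.226.43] by web80505.mail.mud.yahoo.com via\n"
          " HTTP; Mon, 11 Oct 2010 11:06:16 PDT\n"
          "From: someone@example.com\nSubject: hi\n\nhttp://shop.example/\n")
```

Run it over a corpus of known-good mail first and count matches before scoring or rejecting anything on this signal.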