[antispam-f] Re: New spam technique

• From: Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
• To: antispam@xxxxxxxxxxxxx
• Date: Wed, 04 Oct 2006 23:59:35 +0100

On 4 Oct 2006 as I do recall,
          Steven Pampling wrote:

> On 04 Oct, Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > A new type of spam is making its way past Antispam - and past
> > Spamstamp's subsequent filtering - by posing as mailing list traffic:
> 
> [Snip]
> 
> > I assume this is a mailing list that doesn't even *exist*;  it's
> > certainly not one I'm subscribed to!
> 
> Doesn't really matter. If you use mainly whitelists and all the mailing
> lists tend to have a subject line with a particular marker (like
> [antispam-f] in this case) so doing an accept on that normally works.

I've always used
Accept List-Id: = **
Accept Mailing-List: = **
in order to save having twenty or so separate rules (and having to
remember to add a new one if I subscribe to a new group), but clearly
they've cottoned onto this technique.   :-(

> 
> All other traffic set to DEFER and use the marking facility - not had
> *anything* get past that in I don't know how long.

I've got it set to header anything over 5000 bytes, on the grounds that
for e-mail under this size, it's actually slower to download the header
twice than to download the whole thing by default and then discard it -
and more work for me to mark them than it's worth (if Spamstamp gets
them then I don't have to read their revolting little subject lines).
So I suppose the fact that I'm getting a dozen or so small spams
slipping through the net every day this week isn't actually costing me
very much in download time.   :-)


One thing I have just noticed is that all these fake mailing list spams
have the string "Apple Message framework" in their Mime-Version header,
and a header "Received-SPF: pass (<domain>: local policy)" which normal
messages don't seem to have;  I don't get a lot of e-mail from Mac users
to check against.   How common are these headers?   I can't find any in
any of my mailing lists with a Mime-Version of anything other than
"1.0"....

-- 
Harriet Bazley                     ==  Loyaulte me lie ==

No man has a right to live - but every man has a duty to save him if he can

• Follow-Ups:
  • [antispam-f] Re: New spam technique
    • From: Jeremy C B Nicoll

• References:
  • [antispam-f] New spam technique
    • From: Harriet Bazley
  • [antispam-f] Re: New spam technique
    • From: Steven Pampling

Other related posts:

• » [antispam-f] New spam technique
• » [antispam-f] Re: New spam technique
• » [antispam-f] Re: New spam technique
• » [antispam-f] Re: New spam technique
• » [antispam-f] Re: New spam technique
• » [antispam-f] Re: New spam technique
• » [antispam-f] Re: New spam technique
• » [antispam-f] Re: New spam technique
• » [antispam-f] Re: New spam technique
• » [antispam-f] Re: New spam technique

1. Home
2. antispam
3. Archive
4. 10-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---