[antispam-f] Re: What have they got against Deborah anyway?
- From: Dave Barnett <as10@xxxxxxxxxxxxxxxxx>
- To: antispam@xxxxxxxxxxxxx
- Date: Sat, 18 Nov 2006 11:09:17 GMT
In a recent message Harriet Bazley
<lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> On 10 Nov 2006 as I do recall,
> Harriet Bazley wrote:
>
>> We have been under massive Debora[h] attack for several days - somebody
>> is generating messages from a vast number of names all claiming to be
[....]
> I don't know if this helps:
> from http://permalink.gmane.org/gmane.mail.virus.mailscanner/46471
>
> "I've found that a lot of the "debora" spam, as well as a fair amount
> of other spam, matches /6c822ecf/ in one or more of Message-ID and
> Content-ID headers. I have yet to see a false positive."
>
These may also shed a little light on the probable source (from /.):
www.eweek.com/article2/0,1895,2060235,00.asp
www.eweek.com/slideshow_viewer/0,1205,l=&s=25954&a=194164&po=4,00.asp
www.eweek.com/slideshow_viewer/0,1205,l=&s=25954&a=194164&po=7,00.asp
It will come as no surprise that 72% of the infected OSs are XP and
that, by far, the biggest location of the bots is the US of A.
I don't know if this info can help in writing rules to block the
current spam epidemic. Identifying the mailer/Mime versions may be a
start. Time zone or country blocking (in combination with other
criteria) could help.
--
Dave
Keep GMT all year
Other related posts:
