Re: Bank fraud phish

>For the most part, I agree, but the client here has also contracted >with Wombat and they managed to detect this email as "Probably Phish". >We're missing something with spamassassin. Any security system, Antiviruses, Sandboxes, etc...  that  can be tested in advance can be bypassed... it is

Re: Bank fraud phish

Thanks David! i totally agree... and the photo is also a fake :-) children learning to ride a bike do not smile! they suffer panic! :-p cheer... Pedro. From: David B Funk To: SA Mailing list Sent: Tuesday, October 24, 2017 11:12 PM Subject: Re: Bank fraud phish On Tue, 24 Oct 201

Re: Bank fraud phish

On 24 Oct 2017, at 16:05 (-0400), John Hardin wrote: > The line break between the header and the ID is unusual, but not invalid. > That might potentially be a usable spam sign. No, it isn't. Or at least it wasn't 2 years ago. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpy

Re: Bank fraud phish

Hi, On Tue, Oct 24, 2017 at 4:34 PM, Pedro David Marco wrote: > Out of curiosity... > > "account is deactivated due to inactive," > > is this correct in english? shouldn't it be "inactivity"? Yes, it's not proper English, but I don't think it really matters - there are innumerable potential vari

Re: Bank fraud phish

On Tue, Oct 24, 2017 at 2:49 PM, David Jones wrote: > On 10/24/2017 01:32 PM, Alex wrote: >> >> Hi all, I'm wondering if someone has some ideas to handle bank fraud >> phishing emails, and in particular this one: >> >> https://pastebin.com/wxFtKK16 >> >> It doesn't hit bayes99 because we haven't s

Re: FROM header with two email addresses

On Tue, 2017-10-24 at 13:22 +0200, Merijn van den Kroonenberg wrote: > > Hello all, I was the original poster of this topic but was away for a > > couple of days. > > I find it amazing to see the number of suggestions and ideas that have > > come up here. > > > > However none of the constuctions m

Re: Bank fraud phish

On Tue, 24 Oct 2017, Pedro David Marco wrote: Out of curiosity... "account is deactivated due to inactive,"   is this correct in english? shouldn't it be "inactivity"? It isn't good English, but I've seen worse from official notices. Now the fact that it claims to be a US financial company

Re: Bank fraud phish

On Tue, 24 Oct 2017, Rupert Gallagher wrote: Easy one. The Message-ID is not well formed / RFC compliant. We reject such junk upfront.  Sent from ProtonMail Mobile On Tue, Oct 24, 2017 at 8:32 PM, Alex wrote: Hi all, I'm wondering if someone has some ideas to handle bank fraud phishi

Re: Bank fraud phish

Out of curiosity... "account is deactivated due to inactive,"   is this correct in english? shouldn't it be "inactivity"? Pedro

Re: Bank fraud phish

On Tue, 24 Oct 2017, Rupert Gallagher wrote: Easy one. The Message-ID is not well formed / RFC compliant. We reject such junk upfront. How so? That looks totally valid to me... < dot-atom-text @ dot-atom-text > The line break between the header and the ID is unusual, but not invalid.

Re: Bank fraud phish

On 10/24/2017 02:54 PM, Rupert Gallagher wrote: Easy one. The Message-ID is not well formed / RFC compliant. We reject such junk upfront. Sent from ProtonMail Mobile Does this block all email out of Office 365 or just a subset of junk? On Tue, Oct 24, 2017 at 8:32 PM, Alex

Re: Bank fraud phish

Easy one. The Message-ID is not well formed / RFC compliant. We reject such junk upfront. Sent from ProtonMail Mobile On Tue, Oct 24, 2017 at 8:32 PM, Alex wrote: > Hi all, I'm wondering if someone has some ideas to handle bank fraud phishing > emails, and in particular this one: https://past

Re: Cell phone networks list?

The tmobile one works On Tue, Oct 24, 2017 at 1:57 PM, mark seiden wrote: > not sure if all of these are currently in use, but: > > txt.voice.google.com > > mms.att.net > > tmomail.net > > vzwpix.com > > vtext.com > > > On 10/24/17 10:09 AM, Marc Perkel wrote: >> Does anyone have a cell phone net

Re: Bank fraud phish

On 10/24/2017 01:32 PM, Alex wrote: Hi all, I'm wondering if someone has some ideas to handle bank fraud phishing emails, and in particular this one: https://pastebin.com/wxFtKK16 It doesn't hit bayes99 because we haven't seen one before, and txrep subtracts points. It also doesn't hit any blac

Bank fraud phish

Hi all, I'm wondering if someone has some ideas to handle bank fraud phishing emails, and in particular this one: https://pastebin.com/wxFtKK16 It doesn't hit bayes99 because we haven't seen one before, and txrep subtracts points. It also doesn't hit any blacklists. Ideas for blocking these, and

Re: Cell phone networks list?

not sure if all of these are currently in use, but: txt.voice.google.com mms.att.net tmomail.net vzwpix.com vtext.com On 10/24/17 10:09 AM, Marc Perkel wrote: > Does anyone have a cell phone network list of host names where email > from cell phones might be coming from? So far I have: > > my

Cell phone networks list?

Does anyone have a cell phone network list of host names where email from cell phones might be coming from? So far I have: mycingular.net myvzw.com Can you add to this list? -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-

Re: FROM header with two email addresses

> Hello all, I was the original poster of this topic but was away for a > couple of days. > I find it amazing to see the number of suggestions and ideas that have > come up here. > > However none of the constuctions matched "my" From: lines of the form > > From: "Firstname Lastname@" sendern...@re