Re: SHOPIFY_IMG_NOT_RCVD_SFY but from Shopify

2021-11-17 Thread Joseph Brennan
Smith, actually. So far right that he went around the dial and wanted to defund police. Joseph Brennan

Re: User receiving hundreds of subscribe requests

2020-10-01 Thread Joseph Brennan
content to > >> this particular user because it's so regular and so varied in terms of > >> the types of requests, but all appear legitimate. > > > > We've see this too now and then. A few customers got 20k+. > > > > It's more in the nature of very annoying mischief, although it could be > > a targeted attack. > > > > -kgd > > > > -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology

Re: BIMI pilot at Google

2020-07-23 Thread Joseph Brennan
ading this thing. -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology

Re: base64 encoded sextorsion

2020-04-29 Thread Joseph Brennan
weekend project. {rolleyes} > > One should do something useful with their life or family, I suggest ignoring > this game of whackamole unless it takes few minutes. :-D It's pointless to > try adding all combinations in _advance_, since all this is extremely simple > to bypass with random typos and whitespaces and whatever chars.. > -- Joseph Brennan Lead, Email and Systems Applications

Re: How to block chimpmail emails?

2020-03-16 Thread Joseph Brennan
t; I receive several marking emails from chimpmail. I've tried adding the > from email address to the blackfrom_list, but that does not block > chimpmail. How can a person block these? > > Thank you. > > Daryl > > > -- Joseph Brennan Lead, Email and Systems Applications

Bitcoin ransom mail

2019-12-10 Thread Joseph Brennan
ge. There isn't much else there. -- Joseph Brennan Lead, Email and Systems Applications

Re: MALFORMED_FREEMAIL

2019-11-01 Thread Joseph Brennan
e I was writing about. -- Joseph Brennan Lead, Email and Systems Applications

MALFORMED_FREEMAIL

2019-11-01 Thread Joseph Brennan
RS_LCASE strikes me as very different and much more likely to be faked mail. I don't know of any freemail providers that write header names in all lower case. A check against the corpus obviously needs to back up my guess but I think I'm right. -- Joseph Brennan Lead, Email and Systems Applications

Re: Meta for bogus MIME with DKIM valid?

2019-07-08 Thread Joseph Brennan
y > there really are! > > > > -- > Joseph Brennan > Lead, Email and Systems Applications > > > -- Joseph Brennan Lead, Email and Systems Applications

Re: Meta for bogus MIME with DKIM valid?

2019-06-13 Thread Joseph Brennan
Yes, replying to myself. It just occurred to me that that we refuse mail from hosts in the Spamhaus lists, so messages from those don't get analyzed by spamassassin. The 50,000 I mentioned is how many were NOT caught that way. I wonder how many there really are! -- Joseph Brennan Lead,

Re: Meta for bogus MIME with DKIM valid?

2019-06-13 Thread Joseph Brennan
On Thu, Jun 13, 2019 at 3:01 PM Antony Stone < antony.st...@spamassassin.open.source.it> wrote: > On Thursday 13 June 2019 at 17:45:02, Joseph Brennan wrote: > > > We've been refusing mail based on this stupid error for a year and a half > > (local rule) and no fa

Re: Meta for bogus MIME with DKIM valid?

2019-06-13 Thread Joseph Brennan
that the spammer does not send on Sundays. I agree that many of them hit no other rule. -- Joseph Brennan Lead, Email and Systems Applications

The latest bitcoin spam 1/22/19

2019-01-22 Thread Joseph Brennan
://pastebin.com/p6xaWcA7 Joseph Brennan Columbia U

New bitcoin ransom message today

2018-12-13 Thread Joseph Brennan
have a good copy of the body yet, and do not know what rules it already hits. If anyone else here got these maybe you can beat me to getting a sample. I'll send more later if I get more information. -- Joseph Brennan Lead, Email and Systems Applications

Office 365 and the To header

2018-12-05 Thread Joseph Brennan
a lost art. This might affect scoring of the MISSING_HEADERS rule eventually. (Despite the name it seems to mean only a missing "To" header.) -- Joseph Brennan Lead, Email and Systems Applications

Re: : 9D character used in words to avoid detection

2018-11-24 Thread Joseph Brennan
s-1256. If this spam technique spreads I still think it would be worth some score. A broader rule would look for an ISO encoding of the same Arabic no-space character between non-Arabic characters. Joseph Brennan Columbia U I T

Re: : 9D character used in words to avoid detection

2018-11-19 Thread Joseph Brennan
been done and I've missed it? Joseph Brennan Columbia U I T On Mon, Nov 19, 2018 at 11:49 AM Mark London wrote: > On 11/19/2018 10:35 AM, users-digest-h...@spamassassin.apache.org wrote: > > I ran it as-is, and it scored poorly. > > After I manually de-borked the heade

KHOP_DYNAMIC

2018-10-19 Thread Joseph Brennan
KHOP_DYNAMIC hits on hostnames like mx0b-00145802.pphosted.com. Proofpoint addresses are always mail servers, not dynamic end-user lines. -- Joseph Brennan Lead, Email and Systems Applications

Bitcoin update

2018-10-04 Thread Joseph Brennan
n; charset="windows-1256" Content-Transfer-Encoding: quoted-printable Yo=9Du wi=9Dll ha=9Dv=9De two diff=9Derent so=9Dluti=9Do=9Dns. Why dont w= =9De check o=9Dut =9Dea=9Dch on=9De o=9Df thes=9De o=9Dpti=9Dons in deta=9D= i=9Dls: Joseph Brennan Columbia U I T

Re: Line too long [rfc 2822, section 2.1.1]

2018-07-13 Thread Joseph Brennan
Most commonly the Subject contains what should have been the message body. -- Joseph Brennan Lead, Email and Systems Applications

Re: oxy/diabetes/cbd/big pharma spam

2018-02-23 Thread Joseph Brennan
23 we have seen hosts in these blocks, below. Yesterday was 23.95.197 and 104.234.218. Joseph Brennan Columbia University I T 23.94.138 23.94.165 23.95.197 23.95.200 45.65.16 46.102.117 46.166.186 63.143.38 64.186.14 66.70.254 67.214.188 69.195.136 74.63.251 74.80.147 76.164.198 84.247.12 85.1

Re: Email filtering theory and the definition of spam

2018-02-10 Thread Joseph Brennan
olating RFC 822. He can say he is blocking because he wants mail to have a To header. He can block because a subject line contains the letter Z if he wants to. That is a different line of argument than calling an RFC violation. -- Joseph Brennan

Re: Email filtering theory and the definition of spam

2018-02-09 Thread Joseph Brennan
is To, then To must contain an address. In section 4.5.3 it states that Bcc contents are not included in copies sent, which leaves a transmitted message with just Date and From, the state which the plaintiff claims is not compliant. -- Joseph Brennan

Re: Penalty for no/bad SPF

2018-01-27 Thread Joseph Brennan
lance out the PTR fail. I have not had a chance yet to test this out in real mail flow to see how close it comes to being something good enough to reject mail. Joseph Brennan

Re: New idea for stopping spam

2018-01-27 Thread Joseph Brennan
Ted Mittelstaedt wrote: I have noticed that spam tracks current events. We've had a run of spam recently with a teaser subject that Megyn Kelly might q uit Fox news. That's a little less than current! Joseph Brennan

Re: Penalty for no/bad SPF

2018-01-24 Thread Joseph Brennan
record with too many DNS lookups. Are you willing to block that? That one amazes me since SPF is the simplest of these ventures to implement correctly, and since the Times's frequent mailings of news updates evidently are not affected enough by SPF fail for the Times to go fix it. Joseph Br

FSL_MIME_NO_TEXT and MIME_NO_TEXT

2018-01-09 Thread Joseph Brennan
t as an attachment, and I think the generic "octet-stream" is correct since there is no specific software that must be used for a plain text file. (I'm actually surprised that there is nothing like application/plaintext for this case, but I could not identify such a type in a web

Re: TO_NO_BRKTS_DYNIP

2017-12-05 Thread Joseph Brennan
g its half a billion servers, like ec2-54-225-189-51.compute-1.amazonaws.com for 54.225.189.51, since like end-user IPs they are interchangeable parts. I'd be inclined to exclude them from RDNS_DYNAMIC. Joseph Brennan / Columbia U PS-- They do have nice matching PTR and A records.

TO_NO_BRKTS_DYNIP

2017-12-04 Thread Joseph Brennan
m not silly enough to say they are free of spam customers, but they are definitely servers. Joseph Brennan / Columbia U

SURBL upsmychoicedeals (dot) com

2017-11-30 Thread Joseph Brennan
domain. -- Joseph Brennan Lead, Email and Systems Applications

Re: Whitelisting amazon where no DKIM_VALID_AU exists

2017-08-30 Thread Joseph Brennan
at content. It is interesting that Spamhaus does not list the sending IPs or the web hosts. Maybe their secret honeypot addresses do not have enough .edu presence. (google: "honor society" scam) -- Joseph Brennan Columbia University

Re: version 3.4.1 with block TLD

2017-06-12 Thread Joseph Brennan
? It's easy: From:us REJECT From:ci.boston.ma.us OK From:corunna.k12.mi.us OK Or name the states: From:us REJECT From:ma.us OK From:mi.us OK Joseph Brennan Columbia University

"Google Docs" message

2017-05-05 Thread Joseph Brennan
hings will diagnose future attempts. -- Joseph Brennan

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

2016-10-18 Thread Joseph Brennan
--On October 18, 2016 at 02:06:38 -0400 Ruga wrote: > > <does not belong to the author(s) of the message.>> ... unless you're applying DMARC, which says the "From:" should instead "align" with something other than the author of the message in some cases. --Joseph Brennan

sa-update errors

2016-08-30 Thread Joseph Brennan
kipping, in "/tmp/.spamassassin17852Aeax7dtmp/72_active.cf": uridnsbl_skip_domain accessbankplc.com ... config: failed to parse line, skipping, in "/tmp/.spamassassin17852Aeax7dtmp/72_active.cf": uridnsbl_skip_domain zugerkb.ch channel: lint check of update failed, channel failed Joseph Brennan Columbia University Information Technology

Re: SA bayes file db permission issue

2016-06-10 Thread Joseph Brennan
(like Intel) are both little-endian-- so it is probably not the answer in this case. This is a nice test I found: echo -n I | od -to2 | awk '{ print substr($2,6,1); exit}' 1 little-endian 0 big-endian Joseph Brennan Columbia U

Re: Reporting gmail spam to Google

2016-05-19 Thread Joseph Brennan
align" with the mail system that sent the message? Well, they also changed the SPF protocol so that -all should not be used. Using ~all causes processing to continue through DKIM and DMARC, and then the failure gets reported to the "ruf" address. Using -all is just for SPF-only

Re: new(ish) malware: RTF with MIME payload

2016-03-19 Thread Joseph Brennan
e logged, so I can't say whether the unusual X- headers continue. Spamhaus knows most of the hosts they are sending from. Joseph Brennan Columbia University Information Technology

Re: Prevent 'on behalf of' showing internal but really from external domain

2016-01-15 Thread Joseph Brennan
ent of the From header, so this spoofs effectively. If you want to catch this, you'd want to score for the case where the From header has your domain but the Sender header does not. BUT be careful. A rule like that would hit on mail sent through mailing lists and some other legitimate "send as" cases. Joseph Brennan Columbia University I T

Softlayer hostname changes

2015-10-15 Thread Joseph Brennan
ntil we notice. Other than that I don't see the purpose to this change. Joseph Brennan Columbia University I T

Re: phishing rules

2015-08-24 Thread Joseph Brennan
clicks. Even if you don't use Proofpoint to do this rewriting, you're going to see the result sometimes in replies that include the original, and forwards. Ironically this is an ANTI phishing technique. I realize you're not interested but other people read this list :-) Joseph B

Re: Disable awl when some other rule hit

2014-03-19 Thread Joseph Brennan
this goal? I can't think of anyway to do it without adding functionality to SA, sorry. Does this do it? score AWL 0 meta LOCAL_SCORE_AWL AWL && !URIBL_DBL_SPAM score LOCAL_SCORE_AWL-10 where -10 is whatever score AWL usually has (I forget) Joseph Brennan Columbia U I T

Re: HEADS UP: DBSL.org is returning positive replies

2012-08-10 Thread Joseph Brennan
x27;t need to go any further. Joseph Brennan Columbia University Information Technology

New type of image spam

2012-06-12 Thread Joseph Brennan
;'. The image is a picture of text written in Chinese. Joseph Brennan Columbia University Information Technology src="http://img04.taobaocdn.com/imgextra/i4/167488816/T2tRdHXgXM_!!167488816.gif"; type=image>

Re: spamassassin rule set issue

2012-04-18 Thread Joseph Brennan
with html tags, e.g. orange. Joseph Brennan Columbia University Information Technology

Re: Better phish detection

2012-03-16 Thread Joseph Brennan
tives. No META needed. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Better phish detection

2012-03-16 Thread Joseph Brennan
. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: no score when doctype is declared

2012-02-23 Thread Joseph Brennan
fields and format, which are not present there. Including a plain part is desirable in many cases but not all. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Lots of comment in mail, how to score

2012-02-07 Thread Joseph Brennan
ikely comment before body begins is unique to spam, but... you never know. It sounds like valid html so some web programmer might find a reason to put it in mail output. Now ... with garbage in it is interesting. That would never be in real mail. Or so you'd think! Joseph Brennan C

Re: Lots of comment in mail, how to score

2012-02-07 Thread Joseph Brennan
body __SR1 /\s{0,2}\s{0,2}/ does not work since body rules strip html comments with rawbody it ignore limits but hits on both And don't score too high. Example: Confirmations from Travelocity contain a 28 KB comment. Joseph Brennan Columbia University Information Technology

Re: sa-learn and modern spam sizes

2011-12-16 Thread Joseph Brennan
The maximum message size is 256 MB. I've never seen spam larger than 3 MB. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: myfanbox.com

2011-11-07 Thread Joseph Brennan
allow the mail. The samples were from f...@fanboxnotes.com and nore...@fanboxnotes.com. They look like the ones reported here, including the lower-case header labels. Joseph Brennan Columbia University Information Technology

Re: Bayes Poisoning

2011-10-18 Thread Joseph Brennan
email as I am at at designing web pages :-) Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Unable to understand spamassassin rule

2011-06-17 Thread Joseph Brennan
ree, anyway). A link in part 1 opens the HTML attachment in a new window, and that links you to the secure web page with the secure message. But anyway, an HTML attachment is still odd enough to rate a low score. Joseph Brennan Columbia University Information Technology

Re: Nearly 200.000 Spams today from coolserver.info and starsweet.info

2011-06-17 Thread Joseph Brennan
--On Friday, June 17, 2011 0:58 +0200 Benny Pedersen wrote: make a info tdl rule with a score of 2.5, Meta: From has .info AND uri has .info, score 2.0. We've done it for years. Works fine. Maybe it could be 2.5. Joseph Brennan Columbia University Information Technology

Re: X-Spam-Status: Yes, score=18.4 - Still delivered.

2011-05-18 Thread Joseph Brennan
score the same as for any other message, if you can. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Regex help

2011-04-22 Thread Joseph Brennan
t could be that a meta of multiple plus something else gets a more accurate spam diagnosis, so I'm not saying it's useless, but it is not as straightforward as it seems. Joseph Brennan Columbia University Information Technology

Re: The one year anniversary of the Spamhaus DBL brings a new zone

2011-03-08 Thread Joseph Brennan
at we were willing to 550 based on a match. I could see scoring for shorteners. So this is good news. Joseph Brennan Columbia University Information Technology

Re: Points for missing MX Records

2011-02-24 Thread Joseph Brennan
about checking for an MX record for the sender address, not the host. Joseph Brennan Columbia University Information Technology

Re: RFC-Ignorant (was Re: Irony)

2011-02-02 Thread Joseph Brennan
look out, they can also be hosts at small organizations with overworked or newbie system admins. I would not block outright for that. As David said, lots of fps await. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Spamhaus Whitelist

2010-11-06 Thread Joseph Brennan
feed? I've asked twice with no results. Consequently we haven't started using it. We'd be doing well over a million lookups a day. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Full circle DNS test?

2010-10-31 Thread Joseph Brennan
m to be routine. We've considered blocking for it, but we'd end up doing a lot of whitelisting and interfering with mail that our users want. It's worth scoring for, and RDNS_NONE already matches this case. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Whitelist questions

2010-10-05 Thread Joseph Brennan
David B Funk wrote: Notice also that the rule checks the header From:, not the envelope, and they could be different. When did that change? Sorry. I am wrong. Joseph Brennan Columbia University Information Technology

Re: Whitelist questions

2010-10-05 Thread Joseph Brennan
X-Envelope-From: Received: from S253906HZ1EW06.usstls6-hosting.savvis.net (unknown [209.16.192.170]) Is it because there is no reverse DNS entry? Yes. Notice also that the rule checks the header From:, not the envelope, and they could be different. Joseph Brennan Columbia University Information Technology

MSGID_RANDY getting old

2010-09-28 Thread Joseph Brennan
ealth care messages can be identified by these features: Subject contains /Secure Message from / followed by the same address as the From header. The message body contains a MIME part named securedoc.html coded as application/octet stream. I cannot post a sample secure message. Joseph Brennan Colum

Re: Yahoo HTML Base64 Attachments

2010-09-17 Thread Joseph Brennan
nd I think this matches it: /document\.write\(unescape\(\"(\%..\%){10,}/ While unescape is a legitimate function, it's odd that a string would start off with a lengthy series of escaped characters. This seems to need a RAWBODY check to match. That's as far as I've got. Jose

Re: Yahoo HTML Base64 Attachments

2010-09-17 Thread Joseph Brennan
from Yahoo. No DKIM, no Newman property. That's a fake header. The javascript is just an incredibly obfuscated way of putting in a url. Base 64, javascript, two layers of redirect and... it's the "Canadian" Pharmacy. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Checking envelope sender

2010-09-09 Thread Joseph Brennan
-- Re: Joseph Brennan: Why doesn't sendmail reject it like it does here? (..) .. Domain name required for sender address I cannot afford rejecting all null senders as those could be legitimate Delivery Status Notification messages. What I am looking is a pattern for line: MAIL FROM:

Re: Checking envelope sender

2010-09-07 Thread Joseph Brennan
ot; <>>, relay=adsl-pool-124.157.160-227.dynamic.tttmaxnet.com [124.157.160.227] (may be forged), reject=553 5.5.4 <"vjaqrra scuper acntive make your sskexxual" <>>... Domain name required for sender address Joseph Brennan Columbia University Information Technology

Re: How the hell barracuda behaves?

2010-08-18 Thread Joseph Brennan
69.86.203.182 is still listed. Go to the URL. It does not tell you why but suggests many possible reasons. I'd go for the last one :-) Joseph Brennan Columbia University Information Technology

Re: How the hell barracuda behaves?

2010-08-18 Thread Joseph Brennan
an example of not recording the HTTP hop. That makes it harder to distinguish spam from well-known problem Ip sources. In my opinion the origin should be shown. On the other hand, back to topic, Barracuda rejecting for mail originating on a dialup line is just crazy. We've seen it too. J

Re: NO_RELAYS spam

2010-06-19 Thread Joseph Brennan
list. The name of the list (undisclosed recipients) has no < > marks. The addresses in the list would be between the colon and semicolon and each would be in < > marks. The malformed is probably a good clue to tracking down what software is involved. Most mail software would not wri

Re: Should Spamhaus default to disabled?

2010-06-11 Thread Joseph Brennan
right that SA would catch pretty much the same messages, we'd need significantly more hardware to do it only with SA. I realize this is separate from the question of whether SA should run Spamhaus tests by default. I just want to make a point about Spamhaus. Joseph Brennan Columbia University Information Technology

Re: does anyone know of (filtering-)software that would fiddle with Content-Type?

2010-06-02 Thread Joseph Brennan
ooked a good reason to do this... no, I don't think so. Why not blame the software that created the message? Joseph Brennan Columbia University Information Technology

Re: percentage off spam

2010-05-18 Thread Joseph Brennan
match a lot of them: Subject =~ /\%.*(special|lower|sale|off|on|today)/i Subject =~ /(don.t miss|special|save|sale).*\%/i Subject =~ /-\d+\%/ You probably can't give more than 1 or 2 points or you'll fp. They keep changing too. The minus-percent just started recently. Joseph Brenna

Re: new kind of spam (apparently from mailer daemon)

2010-04-26 Thread Joseph Brennan
#x27;s almost like a very old virus that got reactivated somehow. How many email viruses do you even see these days? Did antivirus provide a name for this thing? Joseph Brennan Columbia University Information Technology

Re: Top Ten Rules

2010-04-22 Thread Joseph Brennan
ation. It's worthwhile giving them an error too, so they'll know about it. Joseph Brennan Columbia University Information Technology

Re: Top Ten Rules

2010-04-20 Thread Joseph Brennan
m our users.) Joseph Brennan Columbia University Information Technology

Re: Botnet plugin still relevant?

2010-03-22 Thread Joseph Brennan
parsingÂ’ of Received headers, or for other than checking IP addresses that hand off to your mailservers. Joseph Brennan Columbia University Information Technology

Re: Rules correct ?

2010-03-22 Thread Joseph Brennan
actly what you want to do. Joseph Brennan Columbia University Information Technology

Re: Off Topic - SPF - What a Disaster

2010-02-26 Thread Joseph Brennan
Jason Bertoch wrote: Every modern mail solution allows an account holder to pop/imap to another account to pull in mail from somewhere else. But this introduces a security hole, where the password to an account on System A is stored on System B. Forwarding avoids that. Joseph Brennan

Re: How should this tricky spam be filtered?

2010-02-08 Thread Joseph Brennan
might send mail where it creates a dummy personal name out of the address, e.g. From: 'u...@www.example.com' While this is routine in To and Cc fields, I do not have a real example of it in a From field, so I can't be sure it happens. Joseph Brennan Columbia University Information Technology

Re: Fake mailing list spam

2010-01-12 Thread Joseph Brennan
Report the abuse to Google and reject any mail from @listserv.bounces.google.com Trademark violation? http://www.lsoft.com/corporate/trademark.asp I thought this was faked the first time I saw it. Joseph Brennan Columbia University Information Technology

Re: False positive for LOCAL_BODY_CIALIS

2010-01-05 Thread Joseph Brennan
Ned Slider wrote: bodyLOCAL_BODY_CIALIS /\bcialis/i That's probably what the rule is, and it will match 'spe/cialistes'. Joseph Brennan Columbia University Information Technology

Babelfish obfuscation

2009-10-05 Thread Joseph Brennan
.202 (yahoo) and then %2E%63%6E for .cn Joseph Brennan Columbia University Information Technology

Re: Geniuses at expedia.com

2009-08-06 Thread Joseph Brennan
laska? I think that's the only place in timezone -0800 this time of year. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

RE: Freelotto.com

2009-07-07 Thread Joseph Brennan
Freelotto.com went on our local blocklist on October 31, 2001. No one here has ever asked us about not getting mail from that domain. Joseph Brennan Columbia University Information Technology

Re: Wondering why this scored a -4.0

2009-05-11 Thread Joseph Brennan
par3.com. Their current SPF record does not mention those, but it ends with ~all. A lot of banks send via third party servers, or domains of former banks they merged at some point. Many times sender and hostname do not match. Joseph Brennan Lead Email Systems Engineer Columbia University

Re: Looking for list of bank domains

2009-03-30 Thread Joseph Brennan
s would be extremely careful about this stuff. Ha ha ha. They're not. Joseph Brennan Columbia University Information Technology

Re: Webmail spammers

2009-03-02 Thread Joseph Brennan
spam. Joseph Brennan Columbia University Information Technology

Re: Webmail spammers

2009-03-01 Thread Joseph Brennan
ger to stop the mail from going out. And of course a sudden increase in volume from a user could also trigger. Joseph Brennan Columbia University Information Technology

Re: Something doofuzzled in a * ^To: line.

2009-02-23 Thread Joseph Brennan
and then ';' ends the list. The undisclosed recipients:; notation, the only case commonly seen, is just a list with no addresses in it. Also somewhat common is... To: Members of the List Blablabla:; ... as written by Listserv. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: html experts: empty

2009-01-29 Thread Joseph Brennan
LEGIT EMAIL with this in it? Microsoft products regularly have for no obvious reason. However lower-case is unusual, but not unheard of. Joseph Brennan Columbia University Information Technology

Re: Regular expression help

2009-01-23 Thread Joseph Brennan
the following: /\bP\.?O\.?[:#]? [#]?/i /P\.?O/ Expect it to match things besides purchase orders, but they will be false negatives. Joseph Brennan

Re: Twist on Day Old Bread list idea

2008-12-03 Thread Joseph Brennan
e its own set of domains that it sees frequently (or that it wants to whitelist permanently). Joseph Brennan Columbia University Information Technology

Re: SURBL Usage Policy change

2008-11-12 Thread Joseph Brennan
aculty and staff and the summer overlap of graduated and admitted student accounts. Requiring large organizations to use rsync and charging for it makes a lot of sense. How much, though... and we didn't budget this in when we estimated last spring, for the July-June fiscal year schools use

Re: Phishing rules?

2008-11-02 Thread Joseph Brennan
Sahil Tandon <[EMAIL PROTECTED]> wrote: We get some legitimate email from @live.com users. But they don't set a Reply-to header. That's the test. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Phishing rules?

2008-11-01 Thread Joseph Brennan
o educate people. I'll try to comfort myself with that. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Phishing rules?

2008-11-01 Thread Joseph Brennan
artly local to us. Another useful local rule is to check for the uri of your own webmail. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology

Re: Phishing rules?

2008-11-01 Thread Joseph Brennan
Reply-to: [EMAIL PROTECTED] First pass: header LOCAL_REPLYTO_LIVE Reply-to =~ /[EMAIL PROTECTED]/ score LOCAL_REPLYTO_LIVE8.0 Maybe scoring 8.0 for one thing scares you, but I haven't seen this fp in a couple of months. Joseph Brennan Columbia University Inform

  1   2   >