Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Patrick Domack
Quoting Axb : On 06/10/2014 06:51 PM, Patrick Domack wrote: Quoting Axb : On 06/10/2014 05:11 PM, Patrick Domack wrote: There are all kinds of ways to use the information. I just don't understand why people are so against it, cause it's not 100% foolproof. Nobody is against the idea, probl

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Axb
On 06/10/2014 06:51 PM, Patrick Domack wrote: Quoting Axb : On 06/10/2014 05:11 PM, Patrick Domack wrote: There are all kinds of ways to use the information. I just don't understand why people are so against it, cause it's not 100% foolproof. Nobody is against the idea, problem is scalability

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread David F. Skoll
On Mon, 9 Jun 2014 22:44:22 +0200 Matthias Leisi wrote: > I still have an experimental DNS server (written in Perl) lying > around that this more-or-less what is described here. The overall > system would need a bit more thought, though. Attached is a hacky proof-of-concept script that stores st

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Patrick Domack
Quoting Axb : On 06/10/2014 05:11 PM, Patrick Domack wrote: There are all kinds of ways to use the information. I just don't understand why people are so against it, cause it's not 100% foolproof. Nobody is against the idea, problem is scalability and trust. To make domain age usable, the BLs

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Axb
On 06/10/2014 05:11 PM, Patrick Domack wrote: There are all kinds of ways to use the information. I just don't understand why people are so against it, cause it's not 100% foolproof. Nobody is against the idea, problem is scalability and trust. To make domain age usable, the BLs I mentioned make

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Axb
On 06/10/2014 04:34 PM, Patrick Domack wrote: Quoting Axb : On 06/10/2014 04:14 PM, Patrick Domack wrote: Quoting Axb : On 06/10/2014 12:28 PM, Patrick Domack wrote: Not saying this doesn't happen. But also, how often does someone register a domain, move all their users to the new domain,

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Patrick Domack
Quoting Rob McEwen : On 6/10/2014 10:21 AM, Axb wrote: All URI BLs I know of (SURBL/URIBL/DBL/Invaluement/etc) check & track domain reputation otherwise they'd be unusable. Their listings are not blind - they all have their secret sauce to process before listing a domain. Absolutely. As Axb

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Rob McEwen
On 6/10/2014 10:34 AM, Patrick Domack wrote: > So, we are unwilling to look into any new ideas cause there might be > an issue? that we haven't scoped or checked into? Patrick, I don't think Axb was arguing against this idea.. I think he was arguing against irrational exuberance by some who may

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Rob McEwen
On 6/10/2014 10:21 AM, Axb wrote: > All URI BLs I know of (SURBL/URIBL/DBL/Invaluement/etc) check & track > domain reputation otherwise they'd be unusable. > Their listings are not blind - they all have their secret sauce to > process before listing a domain. Absolutely. As Axb and KAM and other

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Patrick Domack
Quoting Axb : On 06/10/2014 04:14 PM, Patrick Domack wrote: Quoting Axb : On 06/10/2014 12:28 PM, Patrick Domack wrote: Not saying this doesn't happen. But also, how often does someone register a domain, move all their users to the new domain, have the server all reconfigured to use this n

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Axb
On 06/10/2014 04:14 PM, Patrick Domack wrote: Quoting Axb : On 06/10/2014 12:28 PM, Patrick Domack wrote: Not saying this doesn't happen. But also, how often does someone register a domain, move all their users to the new domain, have the server all reconfigured to use this new domain, all w

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Patrick Domack
Quoting Axb : On 06/10/2014 12:28 PM, Patrick Domack wrote: Not saying this doesn't happen. But also, how often does someone register a domain, move all their users to the new domain, have the server all reconfigured to use this new domain, all within the first day? I know personally, I have

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Axb
On 06/10/2014 12:28 PM, Patrick Domack wrote: Not saying this doesn't happen. But also, how often does someone register a domain, move all their users to the new domain, have the server all reconfigured to use this new domain, all within the first day? I know personally, I have always taken at

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Patrick Domack
Quoting Lucio Chiappetti : On Mon, 9 Jun 2014, Rob McEwen wrote: Domain age is a good metric to factor in. But I'm always fascinated with some people's desire to block all messages with extremely new domains. Keep in mind that many large and famous businesses... who have fairly good mail se

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Lucio Chiappetti
On Mon, 9 Jun 2014, Rob McEwen wrote: Domain age is a good metric to factor in. But I'm always fascinated with some people's desire to block all messages with extremely new domains. Keep in mind that many large and famous businesses... who have fairly good mail sending practices... sometimes

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Richard Doyle
On 06/09/2014 02:42 PM, Matthias Leisi wrote: > > On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle wrote: > > > A caching whois client (jwhois, for example) can significantly reduce > the volume of queries. > > > You will need to query potentially hund

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Patrick Domack
Quoting Matthias Leisi : On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle wrote: A caching whois client (jwhois, for example) can significantly reduce the volume of queries. You will need to query potentially hundreds or thousands of domains *per day* - mostly throw away domains from spamme

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Matthias Leisi
On Mon, Jun 9, 2014 at 11:31 PM, Richard Doyle wrote: > A caching whois client (jwhois, for example) can significantly reduce > the volume of queries. > You will need to query potentially hundreds or thousands of domains *per day* - mostly throw away domains from spammers. 1) What are the typi

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Richard Doyle
On 06/09/2014 12:29 PM, Kevin A. McGrail wrote: > On 6/9/2014 3:24 PM, Patrick Domack wrote: >> The point was, I have already done this, and have it in production. I >> did this cause this subject keeps coming up from time to time, and I >> was personally interested to see the results of it. >> >>

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Axb
On 06/09/2014 10:43 PM, James B. Byrne wrote: On Mon, June 9, 2014 15:35, Patrick Domack wrote: I guess what would need to be hammered out, is, the exact info wanted. We know age, and registrar. Though doing the registrar isn't so simple, as the same for just ENOM changes between tld, and even

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Matthias Leisi
On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll wrote: > The DNS software that serves the zone newdomain.example.net runs > the following pseudo-code when "example.org" is looked up: > [..] So who's volunteering to do this? :) > *raises hand* I still have an experimental DNS server (writte

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread James B. Byrne
On Mon, June 9, 2014 15:35, Patrick Domack wrote: > > I guess what would need to be hammered out, is, the exact info wanted. > We know age, and registrar. Though doing the registrar isn't so > simple, as the same for just ENOM changes between tld, and even within > a single tld (likely from the me

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread David F. Skoll
On Mon, 9 Jun 2014 22:31:55 +0200 Matthias Leisi wrote: > *But*, again: which domains would be queried for such a list? I think MAIL FROM domain. Regards, David.

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Axb
On 06/09/2014 10:32 PM, Patrick Domack wrote: Quoting Matthias Leisi : On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail wrote: I think the core issue is that age of domains is a good indicator of spam. So there is merit in building a distributed look-up system using SA. I have more ideas

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Patrick Domack
Quoting Matthias Leisi : On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail wrote: I think the core issue is that age of domains is a good indicator of spam. So there is merit in building a distributed look-up system using SA. I have more ideas than resources, of course... I repeat my qu

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Matthias Leisi
On Mon, Jun 9, 2014 at 9:11 PM, David F. Skoll wrote: > The clever part is that once lots of sites begin using this in their > SA setups, we'll very quickly build up quite an accurate database of > newly-seen domains that's completely independent of any registrar for > a data source. > dnswl.or

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 4:25 PM, Matthias Leisi wrote: On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail wrote: I think the core issue is that age of domains is a good indicator of spam. So there is merit in building a distributed look-up system using SA. I ha

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Matthias Leisi
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail wrote: > I think the core issue is that age of domains is a good indicator of spam. > So there is merit in building a distributed look-up system using SA. > > I have more ideas than resources, of course... > I repeat my question: which domain? H

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Axb
On 06/09/2014 09:38 PM, Kevin A. McGrail wrote: That is the crux of the issue, yes. So how do you identify new domains if the registrars/registries won't give you the data? That's the problem my idea solves by monitoring newly seen domains with the idea being that spammers are not going to buy d

RE: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread John Hardin
On Mon, 9 Jun 2014, David Jones wrote: If SEM was able to detect newly registered domains more quickly then that would solve the problem. Oh, agreed. The problem is, a registrar feed of registration changes costs a lot, and this is a free project. That's why I suggested trying to develop r

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 3:31 PM, David Jones wrote: If SEM was able to detect newly registered domains more quickly then that would solve the problem. That is the crux of the issue, yes. So how do you identify new domains if the registrars/registries won't give you the data? That's the problem my idea so

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 3:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 2:51 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: > So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clar

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Patrick Domack
Quoting John Hardin : On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 2:51 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of y

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 3:11 PM, David F. Skoll wrote: On Mon, 9 Jun 2014 11:51:21 -0700 (PDT) John Hardin wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois queri

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Patrick Domack
Quoting "David F. Skoll" : On Mon, 09 Jun 2014 15:24:29 -0400 Patrick Domack wrote: The point was, I have already done this, and have it in production. I did this cause this subject keeps coming up from time to time, and I was personally interested to see the results of it. Interesting. I

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread John Hardin
On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 2:51 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: > So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you refe

RE: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread David Jones
If SEM was able to detect newly registered domains more quickly then that would solve the problem. From: John Hardin Sent: Monday, June 09, 2014 2:24 PM To: users@spamassassin.apache.org Subject: Re: Domain ages (was Re: SPAM from a registrar) On Mon, 9

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 3:24 PM, Patrick Domack wrote: The point was, I have already done this, and have it in production. I did this cause this subject keeps coming up from time to time, and I was personally interested to see the results of it. And I do agree with Rob McEwen on many points. And I would b

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread David F. Skoll
On Mon, 09 Jun 2014 15:24:29 -0400 Patrick Domack wrote: > The point was, I have already done this, and have it in production. > I did this cause this subject keeps coming up from time to time, and > I was personally interested to see the results of it. Interesting. If you don't mind my asking.

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread John Hardin
On Mon, 9 Jun 2014, David F. Skoll wrote: On Mon, 9 Jun 2014 11:51:21 -0700 (PDT) John Hardin wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois que

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Patrick Domack
Quoting "David F. Skoll" : On Mon, 9 Jun 2014 11:51:21 -0700 (PDT) John Hardin wrote: > So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois queries for a do

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 3:02 PM, Rob McEwen wrote: Domain age is a good metric to factor in. But I'm always fascinated with some people's desire to block all messages with extremely new domains. (NOT saying that this applies to everyone who posted on this thread!) Keep in mind that many large and famous bus

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 2:51 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois queries for a domain

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread David F. Skoll
On Mon, 9 Jun 2014 11:51:21 -0700 (PDT) John Hardin wrote: > > So there is merit in building a distributed look-up system using SA. > Distributed lookup of *what*, though? Can you clarify that part of > your idea? Are you referring to distributed whois queries for a > domain name, to determine i

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Rob McEwen
Domain age is a good metric to factor in. But I'm always fascinated with some people's desire to block all messages with extremely new domains. (NOT saying that this applies to everyone who posted on this thread!) Keep in mind that many large and famous businesses... who have fairly good mail sen

Re: SPAM from a registrar

2014-06-09 Thread Axb
On 06/09/2014 08:39 PM, Kevin A. McGrail wrote: On 6/9/2014 2:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 1:23 PM, Patrick Domack wrote: Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I wonder how we

Re: SPAM from a registrar

2014-06-09 Thread Jim Popovitch
On Mon, Jun 9, 2014 at 2:39 PM, Kevin A. McGrail wrote: > On 6/9/2014 2:33 PM, John Hardin wrote: > >> On Mon, 9 Jun 2014, Kevin A. McGrail wrote: >> >> On 6/9/2014 1:23 PM, Patrick Domack wrote: >>> Comparing my list of new domains, shows that DOB seems to pick them up after they ar

Re: SPAM from a registrar

2014-06-09 Thread Patrick Domack
Quoting "Kevin A. McGrail" : On 6/9/2014 2:24 PM, Patrick Domack wrote: Quoting "Kevin A. McGrail" : On 6/9/2014 1:23 PM, Patrick Domack wrote: I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread John Hardin
On Mon, 9 Jun 2014, Kevin A. McGrail wrote: So there is merit in building a distributed look-up system using SA. Distributed lookup of *what*, though? Can you clarify that part of your idea? Are you referring to distributed whois queries for a domain name, to determine its age? -- John Ha

Re: SPAM from a registrar

2014-06-09 Thread John Hardin
On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 2:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: > On 6/9/2014 1:23 PM, Patrick Domack wrote: > > Comparing my list of new domains, shows that DOB seems to pick > > them up after they are 2 days old. > > I

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 2:38 PM, David F. Skoll wrote: On Mon, 09 Jun 2014 14:24:19 -0400 Patrick Domack wrote: That could be easily done. Only issue is, if you trust the distributed lookups to have accurate information. I suppose we could build in a trust system, where if enough distributed clients upload

Re: SPAM from a registrar

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 2:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 1:23 PM, Patrick Domack wrote: Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I wonder how we can use DNS, an RBL and distributed lookups to ge

Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread David F. Skoll
On Mon, 09 Jun 2014 14:24:19 -0400 Patrick Domack wrote: > That could be easily done. Only issue is, if you trust the > distributed lookups to have accurate information. > I suppose we could build in a trust system, where if enough > distributed clients upload the same info, it could be trusted.

Re: SPAM from a registrar

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 2:24 PM, Patrick Domack wrote: Quoting "Kevin A. McGrail" : On 6/9/2014 1:23 PM, Patrick Domack wrote: I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I also tried to compa

Re: SPAM from a registrar

2014-06-09 Thread John Hardin
On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 1:23 PM, Patrick Domack wrote: Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I wonder how we can use DNS, an RBL and distributed lookups to get the age of domains AND share the infor

Re: SPAM from a registrar

2014-06-09 Thread Patrick Domack
Quoting "Kevin A. McGrail" : On 6/9/2014 1:23 PM, Patrick Domack wrote: I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I also tried to compare my list to fresh.spameatingmonkey.net, b

Re: SPAM from a registrar

2014-06-09 Thread Kevin A. McGrail
On 6/9/2014 1:23 PM, Patrick Domack wrote: I have been tracking this for about 2 weeks now myself. Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I also tried to compare my list to fresh.spameatingmonkey.net, but none of my domains in the 0-

RE: SPAM from a registrar

2014-06-09 Thread Patrick Domack
Fax: (907) 586-4500 Registered Linux User No: 307357 -Original Message- From: James B. Byrne [mailto:byrn...@harte-lyne.ca] Sent: Wednesday, May 14, 2014 8:52 AM To: users@spamassassin.apache.org Subject: SPAM from a registrar This AM we received (and are continuing to receive) numerous s

Re: SPAM from a registrar

2014-06-07 Thread Tom Hendrikx
On 05-06-14 20:54, Andreas Schulze wrote: > Tom Hendrikx: >> but postfix has a feature that can check the MX and NS records of >> the envelope sender or hostname of the connecting ip. > I know and use that. > > >> If these are all the same, you cou

Re: SPAM from a registrar

2014-06-05 Thread Andreas Schulze
Tom Hendrikx: > but postfix has a feature that can check the MX and NS > records of the envelope sender or hostname of the connecting ip. I know and use that. > If these are all the same, you could block connections based on those. that's interesting, no idea how to com

Re: SPAM from a registrar

2014-05-23 Thread Axb
On 05/23/2014 06:22 PM, James B. Byrne wrote: While the number of messages getting through has dropped off to near zero this morning I nonetheless took the time to look into registrars with respect to SPAM and found this interesting web site: http://rss.uribl.com/nic/ As of this morning the top

Re: SPAM from a registrar

2014-05-23 Thread Neil Schwartzman
that’s nice, but useless unless you also take into account the size of the registrar, IOW the number of domains they registered in the same period. Neil Schwartzman Executive Director Coalition Against Unsolicited Commercial Email http://cauce.org Tel : (303) 800-6345 Twitter : @cauce On May

RE: SPAM from a registrar

2014-05-23 Thread James B. Byrne
While the number of messages getting through has dropped off to near zero this morning I nonetheless took the time to look into registrars with respect to SPAM and found this interesting web site: http://rss.uribl.com/nic/ As of this morning the top domain registrars with respect to spam origin a

Re: SPAM from a registrar

2014-05-20 Thread Matus UHLAR - fantomas
On 2014-05-19 19:39, Ian Zimmerman wrote: Ok, I installed a local bind instance on Saturday. But it is not helping: out of about 100 spams I got today (counting both those that got flagged and those that didn't, but not counting the "horrible" spams with score > 15 that go directly to /dev/null)

Re: SPAM from a registrar

2014-05-19 Thread Dave Warren
On 2014-05-19 19:39, Ian Zimmerman wrote: Ok, I installed a local bind instance on Saturday. But it is not helping: out of about 100 spams I got today (counting both those that got flagged and those that didn't, but not counting the "horrible" spams with score > 15 that go directly to /dev/null)

Re: SPAM from a registrar

2014-05-19 Thread Ian Zimmerman
On Mon, 19 May 2014 10:46:25 -0800 Kevin Miller wrote: Ian> Excellent point. I _used to_ run a local DNS cache, but got rid of Ian> it a few months ago, in the name of simplicity. Was that a good or Ian> bad thing to do in the current context? Kevin> That's a bad thing to do. A caching name s

RE: SPAM from a registrar

2014-05-19 Thread John Hardin
On Mon, 19 May 2014, Kevin Miller wrote: That's a bad thing to do. A caching name server is pretty easy to implement (all the distros that I've played with do it automatically just installing bind). Many (most?/all?) RBLs require a subscription (read money) if you exceed a certain number of

RE: SPAM from a registrar

2014-05-19 Thread Kevin Miller
(907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 -Original Message- From: Ian Zimmerman [mailto:i...@buug.org] Sent: Friday, May 16, 2014 6:38 PM To: users@spamassassin.apache.org Subject: Re: SPAM from a registrar On Sat, 17 May 2014 01:34:58 +0200 Karsten Bräckelma

Re: SPAM from a registrar

2014-05-16 Thread jdebert
On Fri, 16 May 2014 16:30:30 -0400 "James B. Byrne" wrote: [snip] > Admin Country: US > Admin Phone: +1.1115463768 ^^^ Illegal NPA code in North America. They never start with 1 or 0. So far. However, the network allows one to set

Re: SPAM from a registrar

2014-05-16 Thread Ian Zimmerman
On Sat, 17 May 2014 01:34:58 +0200 Karsten Bräckelmann wrote: > I don't know whether DOB limits DNS queries of a single host. > However, if you *never* get that rule firing, the NXDOMAIN result may > indicate exceeding a query limit. Do you use a local caching DNS > resolver, or does SA use your

Re: SPAM from a registrar

2014-05-16 Thread Karsten Bräckelmann
On Fri, 2014-05-16 at 12:14 -0700, Ian Zimmerman wrote: > Just for the fun of it, I did a manual whois on the domain of one random > spam I got today which was not killed by SA. > > Sure enough, the domain was a day old. > > Running SA --debug on the spam I can see that URIBL_RHS_DOB lookup is >

Re: SPAM from a registrar

2014-05-16 Thread James B. Byrne
On Fri, May 16, 2014 15:50, Kevin A. McGrail wrote: > Enom is a big registrar and in fact owns the registrar I use > (BulkRegister). I'm surprised they are having an issue. I'll try and > reach out to them if you can give me a list of some of the domains you > are seeing problems with spam. > >

Re: SPAM from a registrar

2014-05-16 Thread Tom Hendrikx
On 15-05-14 16:31, James B. Byrne wrote: > > On Thu, May 15, 2014 09:08, David Jones wrote: >> We use the fresh15.spameatingmonkey.net RBL. >> >> http://spameatingmonkey.com/lists.html >> > > > I checked three domain names used by the spam messa

RE: SPAM from a registrar

2014-05-16 Thread David Jones
>On Thu, May 15, 2014 09:08, David Jones wrote: >> We use the fresh15.spameatingmonkey.net RBL. >> >> http://spameatingmonkey.com/lists.html >> >I checked three domain names used by the spam messages received yesterday. >All of the domains were registered yesterday as well. None of them report

RE: SPAM from a registrar

2014-05-16 Thread David Jones
We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html From: James B. Byrne Sent: Wednesday, May 14, 2014 11:51 AM To: users@spamassassin.apache.org Subject: SPAM from a registrar This AM we received (and are continuing to

Re: SPAM from a registrar

2014-05-16 Thread Kevin A. McGrail
On 5/15/2014 10:31 AM, James B. Byrne wrote: On Thu, May 15, 2014 09:08, David Jones wrote: We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html I checked three domain names used by the spam messages received yesterday. All of the domains were registered yester

Re: SPAM from a registrar

2014-05-16 Thread Ian Zimmerman
On Thu, 15 May 2014 09:45:21 -0800 Kevin Miller wrote: > Have you looked into "Day old bread"? > http://wiki.apache.org/spamassassin/Rules/URIBL_RHS_DOB Just for the fun of it, I did a manual whois on the domain of one random spam I got today which was not killed by SA. Sure enough, the domain

RE: SPAM from a registrar

2014-05-16 Thread James B. Byrne
On Thu, May 15, 2014 09:08, David Jones wrote: > We use the fresh15.spameatingmonkey.net RBL. > > http://spameatingmonkey.com/lists.html > I checked three domain names used by the spam messages received yesterday. All of the domains were registered yesterday as well. None of them report as bei

RE: SPAM from a registrar

2014-05-16 Thread John Hardin
On Thu, 15 May 2014, James B. Byrne wrote: I have to wonder how soon after creation new domains are added to the fresh lists. That's a good question. The only way I can see to maintain such a list is if you have a registrar data feed, and I don't know what the latency in that is. I would *as

RE: SPAM from a registrar

2014-05-16 Thread Chip M.
James, are these botnet or "snowshoe" spam? When you get a chance, please provide some spamples (pastebin or elsewhere), as Kevin recommended. Please mung JUST the email addresses (e.g. change all email domains to "example.com", and change the victim account name to "victim"). If the victim acc

Re: SPAM from a registrar

2014-05-16 Thread Axb
On 05/15/2014 04:31 PM, James B. Byrne wrote: On Thu, May 15, 2014 09:08, David Jones wrote: We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html I checked three domain names used by the spam messages received yesterday. All of the domains were registered yes

RE: SPAM from a registrar

2014-05-16 Thread Kevin Miller
No: 307357 -Original Message- From: James B. Byrne [mailto:byrn...@harte-lyne.ca] Sent: Wednesday, May 14, 2014 8:52 AM To: users@spamassassin.apache.org Subject: SPAM from a registrar This AM we received (and are continuing to receive) numerous spam messages from multiple domains that were all

RE: SPAM from a registrar

2014-05-15 Thread Philippe Ratté
This is probably what you are looking for: http://wiki.apache.org/spamassassin/Rules/URIBL_RHS_DOB > -Original Message- > From: James B. Byrne [mailto:byrn...@harte-lyne.ca] > Sent: Wednesday, May 14, 2014 12:52 PM > To: users@spamassassin.apache.org > Subject: S

SPAM from a registrar

2014-05-15 Thread James B. Byrne
This AM we received (and are continuing to receive) numerous spam messages from multiple domains that were all registered today (2014-05-14) with a company called enom, inc. This firm is also the registrar for the mail server domain BOSJAW.com that is sending some if not all of the UCEM. That