I have noticed that most of the NS records for these spammers are the same or similar. Would it be too expensive to do a quick lookup of NS records to block these guys?
Here are my results:
[whiteout:~] patrick% host -t ns thelst40090hspeedm.com
thelst40090hspeedm.com name server NS1.HSM-EMAIL.NET
thelst40090hspeedm.com name server NS2.HSM-EMAIL.NET
[whiteout:~] patrick% host -t ns gotospeedoffrslist873009118273.com
gotospeedoffrslist873009118273.com name server NS1.HSM-EMAIL.NET
gotospeedoffrslist873009118273.com name server NS2.HSM-EMAIL.NET
AND
[whiteout:~] patrick% host -t ns dailypromotions.com
dailypromotions.com name server ns1.hsm-mailerdirect.com
dailypromotions.com name server ns2.hsm-mailerdirect.com
[whiteout:~] patrick% host -t ns dailypromo.net
dailypromo.net name server ns1.hsm-mailerdirect.com
dailypromo.net name server ns2.hsm-mailerdirect.com
On Thursday, December 5, 2002, at 11:57 PM, Michael Moncur wrote:
I posted some rules yesterday to catch spam from HiSpeedMedia / Daily
Promotions. They singlehandedly contribute about 10% of my spam, and their
messages are always an image and a minimum of text. The updated set of rules
below catches all of their messages, until they mutate again...
If you use these, use your own judgment for scoring. None of them match any
nonspam for me, though.
OVERALL% SPAM% NONSPAM% S/O RANK SCORE NAME
10346 5231 5115 0.506 0.00 0.00 (all messages)
100.000 50.5606 49.4394 0.506 0.00 0.00 (all messages as %)
4.359 8.6217 0.0000 1.000 1.00 3.00 MGM_DAILY_M
3.663 7.2453 0.0000 1.000 0.83 3.00 MGM_DAILY_PL
3.141 6.2130 0.0000 1.000 0.70 2.00 MGM_DAILY_PXE
1.798 3.5557 0.0000 1.000 0.37 5.00 MGM_DAILY_CGI
0.918 1.8161 0.0000 1.000 0.15 4.50 MGM_FROM_DAILY
0.918 1.8161 0.0000 1.000 0.15 4.50 MGM_DAILYPRO
0.300 0.5926 0.0000 1.000 0.00 1.50 MGM_HSM
uri MGM_DAILYPRO /daily-?promo(?:\.com|\.net)/i
describe MGM_DAILYPRO mgm: dailypromotions.net: frequent spammer
score MGM_DAILYPRO 4.5
header MGM_FROM_DAILY From =~ /daily-?promo(?:\.com|\.net)/i
describe MGM_FROM_DAILY mgm: From dailypromotions.net: frequent spammer
score MGM_FROM_DAILY 4.5
uri MGM_DAILY_CGI /cgi-bin\/dvs.cgi\?email/
describe MGM_DAILY_CGI mgm: DailyPromotions CGI link
score MGM_DAILY_CGI 5.0
uri MGM_DAILY_PL /\/logic\/(?:od|to).pl/
describe MGM_DAILY_PL mgm: DailyPromotions redirect link
score MGM_DAILY_PL 3.0
uri MGM_DAILY_PXE /http:\/\/pxe./i
describe MGM_DAILY_PXE mgm: DailyPromotions server link
score MGM_DAILY_PXE 2.0
header MGM_DAILY_M X-Mailer-Version =~ /v /
describe MGM_DAILY_M mgm: frequent spam header
score MGM_DAILY_M 3.0
uri MGM_HSM /hsmedia/i
describe MGM_HSM mgm: Hi-Speed Media: frequent spammer
score MGM_HSM 1.5
--
Michael Moncur mgm at starlingtech.com http://www.starlingtech.com/
"One can always be kind to people about whom one cares nothing." --Wilde
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
