From: "Matt Kettler" <[EMAIL PROTECTED]>
Chris Santerre wrote:


-----Original Message-----
From: qqqq [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 09, 2006 3:12 PM
To: Chris Santerre; 'Matt Kettler'
Cc: users@spamassassin.apache.org
Subject: Re: My only problem with URIBL_BLACK


Here's one that just got
captured.  The mailing was from
Monster.com and the customer is livid :-(

X-Spam-Report:
 *  0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 *  1.1 URIBL_SBL Contains an URL listed in the SBL blocklist
 *      [URIs: uhmcargo_MUNGED.net]
 *  3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 *      [URIs: uhmcargo_MUNGED.net]
 *  3.4 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *      [URIs: uhmcargo_MUNGED.net]

I had to _MUNGED the domain because the mailing hit 13.5 and bounced

The threshold is 5.5


Here is from my original stats post:
 1    URIBL_BLACK                     163397    7.09   29.11   78.05    0.50
 5    URIBL_JP_SURBL                  118251    5.13   21.07   56.48    0.09

What are your thoughts guys?  Lower the score for URI_BLACK and JP?

It's not an FP.

http://groups.google.com/group/misc.writing.screenplays.moderated/browse_frm/thread/e7fca5612bbf5aa3/fc75be5ae3052cbb?lnk=st&q=uhmcargo.net&rnum=1&hl=en#fc75be5ae3052cbb


I do tend to agree, this site appears to be a scam.

qqqq, feel free to pass all of this on to your user.


I find the domain's registration info rather interesting:
-----------------------------
Registrant / Admin Contact :
ORGANISATION
 IBC int Laer (IIL2-BMN-ORG)

RR #3 Box 1122

17059 Mifflintown
UNITED STATES

  Contact
     Jo FOLTZ
     phone          : +56 7432674623
     fax            :
     e-mail         : [EMAIL PROTECTED]

<snip>

Created on 05/06/2006 01:08:40
----------------------------

Hmm.. they're from the United States, yet their phone number is in Chile
(dialing code +56)???

They left out the state, and put things in the wrong order, but 17059 is the zip
code for Mifflintown, PA.

Fixing the address:
IBC int Laer
RR #3 Box 1122
Mifflintown, PA 17059
UNITED STATES


Also, the company name contains "int laer", which appears to be Belgian
language. A web search for this phrase turns up 2 pages in a language I don't
understand hosted out of .be.

So we have a company registered with a Rural-Route address in Pennsylvania, with
a Chilean phone number, a Belgian name, and a yahoo email address... And the
record was created 3 days ago.. Hmmm...


Let's look at the IPs they are hosting their domain from:
-----------
$ host uhmcargo*MUNGED*.com
uhmcargo*MUNGED*.com has address 82.155.56.150
uhmcargo*MUNGED*.com has address 83.99.128.137
uhmcargo*MUNGED*.com has address 83.213.63.213

$ host 82.155.56.150
150.56.155.82.in-addr.arpa domain name pointer bl6-56-150.dsl.telepac.pt.
$ host 83.99.128.137
137.128.99.83.in-addr.arpa domain name pointer balticom-128-137.balticom.lv.
$ host 83.213.63.213
213.63.213.83.in-addr.arpa domain name pointer eu83-213-63-213.clientes.euskaltel.es
------------


Hmm, so they are hosting their website at a lot of different places. A DSL node
in Portugal, another site in Latvia, and yet one more in Spain?

So this is a company located in Rural PA, with a phone number in Chile, a yahoo
email address, a Belgian name, and web hosting spread across Portugal, Spain and
Latvia...

Looks like your irate customer was saved from receiving a blatant scam.

I wonder what kind of "start up" fees you need to pay to accept this job....

Fascinating - even the whois registration seems to have MPD, er Multiple
Personality Disorder. This is what I got in part:
===8<---
Registrant:
        Amber Furlong [EMAIL PROTECTED] +1.6785283829
        Private person
        20222 shadowood parkway
        Atlanta,GA,UNITED STATES 30339


Domain Name:uhmcargo.net-M
Record last updated at 2006-05-05 18:11:50
Record created on 2006/5/5
Record expired on 2007/5/5


Domain servers in listed order:
        ns1.narrowtok.net-M       ns2.narrowtok.net-M

Administrator:
        20222 shadowood parkway
        Atlanta
GA,
UNITED STATES
30339
===8<---

It might have been hijacked recently. But then, for a brandy spanky new
registration that seems unlikely....
{^_^}
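
The hosting and registration-age signals walked through in the thread above can be checked mechanically. This is an added example, not part of the original thread and not SpamAssassin or URIBL code; the function names and thresholds are assumptions, and the input is the `host` output quoted above with the creation date read as 6 May 2006 and the report date of 9 May 2006.

```python
import re
from datetime import date

# Lookup output copied from the thread (domain left munged as posted).
HOST_OUTPUT = """\
uhmcargo*MUNGED*.com has address 82.155.56.150
uhmcargo*MUNGED*.com has address 83.99.128.137
uhmcargo*MUNGED*.com has address 83.213.63.213
150.56.155.82.in-addr.arpa domain name pointer bl6-56-150.dsl.telepac.pt.
137.128.99.83.in-addr.arpa domain name pointer balticom-128-137.balticom.lv.
213.63.213.83.in-addr.arpa domain name pointer eu83-213-63-213.clientes.euskaltel.es
"""

A_RE = re.compile(r"^(\S+) has address (\d+\.\d+\.\d+\.\d+)$")
PTR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa domain name pointer (\S+?)\.?$")

def parse_host_output(text):
    """Return ({ip: domain}, {ip: ptr_name}) from `host` forward and reverse lines."""
    a_records, ptrs = {}, {}
    for line in text.splitlines():
        if m := A_RE.match(line):
            a_records[m.group(2)] = m.group(1)
        elif m := PTR_RE.match(line):
            d, c, b, a, name = m.groups()      # in-addr.arpa lists octets reversed
            ptrs[f"{a}.{b}.{c}.{d}"] = name.lower()
    return a_records, ptrs

def looks_like_access_line(ip, ptr):
    """Assumed heuristic: PTR embeds >= 2 octets of the IP or carries an access-network label."""
    hits = sum(1 for o in ip.split(".") if re.search(rf"(?<!\d){o}(?!\d)", ptr))
    labels = set(re.split(r"[.\-]", ptr))
    return hits >= 2 or bool(labels & {"dsl", "adsl", "dyn", "dynamic", "clientes", "cable"})

def assess(text, created, seen):
    """Summarise the hosting and age signals the thread reasons about."""
    a_records, ptrs = parse_host_output(text)
    named = {ip: ptrs[ip] for ip in a_records if ip in ptrs}
    return {
        "a_records": len(a_records),
        "ptr_tlds": sorted({n.rsplit(".", 1)[-1] for n in named.values()}),
        "access_line_hosts": sum(looks_like_access_line(ip, n) for ip, n in named.items()),
        "domain_age_days": (seen - created).days,
    }

def suspicious(r, max_age_days=30):
    """Illustrative thresholds (assumptions): young domain on access lines in several ccTLDs."""
    return (r["access_line_hosts"] >= 2 and len(r["ptr_tlds"]) >= 2
            and r["domain_age_days"] <= max_age_days)

REPORT = assess(HOST_OUTPUT, created=date(2006, 5, 6), seen=date(2006, 5, 9))
```
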
