--- Michael Grant <[EMAIL PROTECTED]> wrote: > On 4/4/07, J. <[EMAIL PROTECTED]> wrote: > > > > --- Matt Kettler <[EMAIL PROTECTED]> wrote: > > > > > J. wrote: > > > > I've been doing this sort of thing to block connections which > is > > > > somewhat more satisfying than just scoring the email higher, > but > > > these > > > > rascals seems to be able to use multiple ip addresses even > within a > > > > single mailing: > > > > > > > > 123.156.189.:allow,RBLSMTPD="-Connections refused. domain.com > seems > > > to > > > > ignore bounces." > > > > 87.254.321.:allow,RBLSMTPD="-Connections refused due to spam." > > > > > > Do they have a common reverse DNS? > > > > Good question. They probably do if they're running email lists and > want > > the messages to get through. They always seems to come through with > low > > scores so I assume they've got spf and reverse dns set up right. > > Is it possible they are coming from zombie machines? Machines which > have been infected by a sort of virus which a spammer can take over > and send out mail from remotely.
I don't think so. These are the spams that claim to be non-spam, put contact info for the advertiser and the spammer. They seem to use relatively close ip addresses: 70.164.3.2 (giftgroup) 70.164.7.206 70.164.7.247 70.164.7.247 ____________________________________________________________________________________ Get your own web address. Have a HUGE year through Yahoo! Small Business. http://smallbusiness.yahoo.com/domains/?p=BESTDEAL
