Michael Scheidell wrote:
OK, Google/Gmail emails back and says 'this didn't come from us because people
are forging our domain'.
Reverse DNS shows it's Google, DKIM sig says it's Google.
Time to blacklist Google.
Either Google lies or they have been hacked and hackers are spamming through
them. In either case, till Google fixes their network and attitude, we should
blacklist them.
SA:
header GOOGLEISBAD received =~ /google\.com/
score GOOGLEISBAD 100
Postfix ACL:
google.com REJECT GOOGLEISBAD
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.156])
    by fl.us.spammertrap.net (Postfix) with ESMTP id ABB5C2E11A
    for <[EMAIL PROTECTED]>; Fri, 29 Feb 2008 02:08:33 -0500 (EST)
Received: by fg-out-1718.google.com with SMTP id 13so2466562fge.45
    for <[EMAIL PROTECTED]>; Thu, 28 Feb 2008 23:08:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=gamma;
    h=domainkey-signature:received:message-id:date:from:to:subject:mime-version:
    content-type:content-transfer-encoding:content-disposition:precedence:x-autoreply;
    bh=sL3vqqwqMdE5yWWphM0o1dUtNuEzLTPRmNUSyn+hD6s=;
    b=razzMn3uCoyrvZErxj1Nud67bPfwzrESFSZM+Oo06FGxw00Dhg3wvDn7MCloiNk3eHA7zkNr/u
    7LjInJ+LCl1KmHOi1AQENVOaVjt82b6o43N6/hUGivDC3HRSSRi9eYFouvmVufkwzxM9Y/Bvbx9Z
    KnyXtB+ofa/k1SjY+tgbY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
    d=gmail.com; s=gamma;
    h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:
    content-disposition:precedence:x-autoreply;
    b=VFo5w/0cZsC3zDwg0h6+rKfTF+UgIcOUinVWWXe1xHzRan7ZkVlYcIrNnjc+KELNRoOyYu8EBg
    3/ZgSF+WCoBXyYyipZxpqnr4+wAorfmYth0Kbe4PW4NR//kLL6CvVIRQZ4gkUf/NMccUWBgjRIKB
    F43RHr0X34LkhbF9sjYm4=
Received: by 10.86.3.4 with SMTP id 4mr9872622fgc.69.1204268912528;
    Thu, 28 Feb 2008 23:08:32 -0800 (PST)
Message-ID: <[EMAIL PROTECTED]>
Are there any X- headers?
It's known that the captcha was cracked and that some webmail
auto-responders are being abused.
There might be a better way to ID this mail.
Ken
--
Ken Anderson
Pacific.Net
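
The quoted DKIM-Signature already hints at the auto-responder explanation: its h= tag lists precedence and x-autoreply among the signed headers. The Python sketch below is an added example, not part of the original thread; the sample message is constructed from the quoted headers with placeholder bh=/b= values and a placeholder receiving host, and the function names are hypothetical. It parses the signature header only and does not verify the signature.

```python
import re

# Header names that mark automatic replies. "precedence" and "x-autoreply" are
# the ones signed in the quoted message; Auto-Submitted is the RFC 3834 header.
AUTO_HINTS = {"precedence", "x-autoreply", "auto-submitted"}

# Constructed sample modelled on the quoted headers (bh=/b= are placeholders).
SAMPLE = (
    "Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.156])\r\n"
    "\tby mx.example.net (Postfix) with ESMTP\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    "\td=gmail.com; s=gamma;\r\n"
    "\th=domainkey-signature:received:message-id:date:from:to:subject:\r\n"
    "\t mime-version:content-type:precedence:x-autoreply;\r\n"
    "\tbh=PLACEHOLDER=; b=PLACEHOLDER=\r\n"
    "Message-ID: <placeholder@example.invalid>\r\n"
)

def unfold(raw):
    """Join folded continuation lines (leading space or tab) and split headers."""
    return re.sub(r"\r?\n[ \t]+", " ", raw).splitlines()

def dkim_tags(value):
    """Split a DKIM-Signature value into a dict of its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)  # base64 values may contain '='
            tags[key.strip()] = val.strip()
    return tags

def classify(raw):
    """Report signing domains and auto-reply header names covered by h=."""
    domains, hints = [], set()
    for line in unfold(raw):
        name, _, value = line.partition(":")
        if name.strip().lower() != "dkim-signature":
            continue
        tags = dkim_tags(value)
        # Whitespace is allowed around the colons in h=, so strip it all.
        signed = re.sub(r"\s+", "", tags.get("h", "")).lower().split(":")
        domains.append(tags.get("d", "").lower())
        hints |= AUTO_HINTS.intersection(signed)
    return {"signing_domains": domains, "autoreply_hints": sorted(hints)}

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A non-empty autoreply_hints list alongside a gmail.com signing domain is a narrower signal for scoring than matching google\.com in any Received header.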