>> >> Howdy, >> >> Lately I've been getting a lot of spam like this: >> >> http://pastebin.com/m58b01a0b >> http://pastebin.com/me13959a >> >> The domain changes, but it's virtually always in the .de TLD >> ("somedomain.de"). RelayCountries has this to say about that message >> (I'm in the US, btw): >> [31067] dbg: metadata: X-Relay-Countries: GB >> >> They don't seem to trigger any remote tests at all.... DNSBLs, URIBLs, >> Pyzor, Razor, or Botnet. The only local tests triggered are BAYES_99, >> MIME_HTML_ONLY, and a custom test I wrote which triggers when it sees >> the word 'drugstore' in the body, in all caps. >> >> Any ideas on how to make this a more solid hit? Anyone else seeing this? >> >> Thanks, >> Jake
Hi Jake, both examples seem to originate in the US (28.239.107.195 and 206.91.74.21) and have some rb.mail.ru link near drugstore Wolfgang
