On Tue, Oct 12, 2010 at 01:40:09AM +0000, m...@khonji.org wrote: > > Received: from [74.15.226.43] by web80505.mail.mud.yahoo.com via > HTTP; Mon, 11 Oct 2010 11:06:16 PDT
This is Bell Canada, unremarkable. > > The line above is probably giving you spammer's source IP (or http > proxy --- some SP use trans. fwd. proxies). > > Analyse that IP address and other similar spammers. If the region is > not important blacklist the block in 74.15.226.43. They do it from hacked computers. > Or create a heuristic(s) that states: if mail is from Yahoo, > contains a single line and from that IP block, then junk it. You'll > need to test and make sure it doesn't have much FP. It comes from gmail too, and I am sure from many originating IPs. GMail does not report originating IP. i > > ------Original Message------ > From: Igor Chudov > To: Spamassassin Mailing List > ReplyTo: i...@chudov.com > Subject: One-liner spams > Sent: Oct 11, 2010 10:12 PM > > I receive plenty of one-liner spams from hacked webmail accounts, > advertising various fronts of a Chinese retailer of a certain famous > chemical compound that enables sinful behaviors for people who were > not capable physically. > > Example of such an email is here: > > http://igor.chudov.com/tmp/spam012.txt > > I fully realize that these emails are difficult to trap, but, perhaps, > I am missing some innovations in the spamfighting field? Any idea how > I can kill them? > > i > > > > --- > Mahmoud Khonji
