Help - Search - Members - Calendar
Full Version: drop in reports since last update
hsc message board > Main > hsc Software Support
Michael Bergman
Dec 30 2004, 06:09 PM
==WARNING== "adult" content (i.e. spam message included)

Since the last update, I've noticed a reduction in successful analyses -- of several dozen spam messages processed, SpamX has only sent 2 reports.

While some of this seems to be due to a spate of junk spam (I don't know what else to call it; it appears to be intended for annoyance or to test a delivery vehicle rather than to actually try to sell something), some of it seems to be "real" spam that "should" have been reported.

In particular, I looked at one message, which had been bounced as a non-member posting to a mailing list I manage. Thinking that the fact that it had been bounced already might have confused SpamX, I edited the headers, stripping out the bounce message and spam-assassin notes that had been added, and reprocessed. No go. Looking at the body of the text, I saw a URL for the product, so I added a forged FROM address using that domain as the domain of the sender -- still no go. Finally, I checked to see that the URL was actually valid, which it was -- a commercial credit card processing service that should at least be paying lip-service to preventing spam.

Here's the entirety of the message in question, and the log entry. The original from address was lukecostar@the-lair.com:


Date: Mon, 27 Dec 2004 19:17:37 GMT
from: foo@nanobill.com
To: vintage-dance@world.std.com
Subject: Your lolitas
Message-ID: <3082046360.38636544881544@the-lair.com>
X-Mailer: The Bat! (v1.53d)
X-Priority: 3 (Normal)

LOLITAS SOFTCORE
Amazing collection of tiny little angels posing and
stripping with pleasure only for you!

http://nanobill.com/527/all/

LOLITAS HARDCORE
New! Exclusive 3D Extreme Lolita hardcore collections:
Art drawings of taboo lolita sex. Young creatures fucked
by men. Extreme explicit scenes!


==Warning - found zero IP addresses in header==
Date: Mon, 27 Dec 2004 19:17:37 GMT
From: lukecostar@the-lair.com
To: vintage-dance@world.std.com
Subject: Your lolitas
Message-ID: <3082046360.38636544881544@the-lair.com>
X-Mailer: The Bat! (v1.53d)
X-Priority: 3 (Normal)

==Warning - found zero IP addresses in header==
Date: Mon, 27 Dec 2004 19:17:37 GMT
from: foo@nanobill.com
From: lukecostar@the-lair.com
To: vintage-dance@world.std.com
Subject: Your lolitas
Message-ID: <3082046360.38636544881544@the-lair.com>
X-Mailer: The Bat! (v1.53d)
X-Priority: 3 (Normal)

==Warning - found zero IP addresses in header==
Date: Mon, 27 Dec 2004 19:17:37 GMT
from: foo@nanobill.com
To: vintage-dance@world.std.com
Subject: Your lolitas
Message-ID: <3082046360.38636544881544@the-lair.com>
X-Mailer: The Bat! (v1.53d)
X-Priority: 3 (Normal)
Jeff Hendrickson
Dec 30 2004, 06:37 PM
Michael, these are not full SMTP headers (they do not contain IP address(es)).

No version of Sp@mX would have ever processed these. I suggest you double check that you're exporting your email with FULL SMTP HEADERS.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2012 Invision Power Services, Inc.