[unisog] [spam] student vacations (fwd)

William D. Colburn (aka Schlake) wcolburn at nmt.edu
Wed Oct 30 19:29:14 GMT 2002


No, but I recently added a heuristic to my antispam milter that a host
which says "HELO hotmail.com" that has no reverse IP address probably
isn't hotmail.com, so I refuse it.  In the case below, such a rule would
have helped you.  :)  I've also decided that hosts without a reverse DNS
name which say HELO <word>, where <word> isn't a domain name, are
probably spammers.  There has only been one notice of a misblocked
email, so I'm leaving it in place for now.  Lastly, since most Korean
and Chinese spammers don't seem able to configure DNS, but give helpful
hostnames in their HELO, I block certain HELOs from repeat offenders
(like 163.net and 163.com).

On Wed, Oct 30, 2002 at 11:11:47AM -0500, Kathy Bergsma wrote:
> List-Digest-Subscribe: <mailto:unisog-digest-subscribe at sans.org>
> List-Digest-Unsubscribe: <mailto:unisog-digest-unsubscribe at sans.org>
> Date: Wed, 30 Oct 2002 11:11:47 -0500 (EST)
> From: Kathy Bergsma <kathya at nersp.nerdc.ufl.edu>
> To: unisog at sans.org
> X-Scanned-By: NERDC Open Systems Group (http://open-systems.ufl.edu/services/virus-scan/)
> Subject: [unisog] [spam] student vacations (fwd)
> 
> Is anyone else getting spam from www.springbreakout.com?  The service provider
> is in China and spam has been coming from all over the world.
> 
> =============
> Kathy Bergsma
> UF IT Security Coordinator
> 352-392-2061
> 
> ---------- Forwarded message ----------
> Return-Path: <mommylynn4351b52 at hotmail.com>
> Received: from nersp.nerdc.ufl.edu (sp43en1.nerdc.ufl.edu [128.227.74.43])
> 	by nslog.nerdc.ufl.edu (8.11.2/8.11.2/SuSE Linux 8.11.1-0.5) with
>     ESMTP id g9UFrUC20060;
> 	Wed, 30 Oct 2002 10:53:30 -0500
> Received: from smtp.ufl.edu (sp44css0.nerdc.ufl.edu [10.5.115.44])
> 	by nersp.nerdc.ufl.edu (8.12.3/8.11.3/2.1.0) with ESMTP id
>     g9UFr3kC050734
> 	for <postmast at nersp.nerdc.ufl.edu>; Wed, 30 Oct 2002 10:53:03 -0500
> Received: from hotmail.com ([218.104.54.232])
> 	by smtp.ufl.edu (8.12.6/8.12.3/2.3.8) with SMTP id g9UFqjYY066010;
> 	Wed, 30 Oct 2002 10:52:48 -0500
> Reply-To: <mommylynn4351b52 at hotmail.com>
> Message-ID: <035e10a11a5e$8448a7d4$8ee05ca7 at nyrfrl>
> From: <mommylynn4351b52 at hotmail.com>
> To: mommylynn at hotmail.com
> Subject: student vacations
> Date: Thu, 31 Oct 2002 02:48:15 -1100
> MiME-Version: 1.0
> Content-Type: text/plain;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: QUALCOMM Windows Eudora Version 5.1
> Importance: Normal
> X-Scanned-By: NERDC Open Systems Group
>     (http://open-systems.ufl.edu/services/virus-scan/)
> 
> Hey everyone,
> 
> This year we are trying to put together campuswide
> spring break packages for all students.  There are
> lots of destinations to choose from including Cancun,
> Mazatlan, Acapulco and more with a variety of inclusive
> packages.  If you would like more information, fill out
> the information request form and we will send all the
> details.  There is no obligation. This is just to receive
> information.  Let's start planning early so we get the best deals.
> 
> http://www.springbreakout.com/
> 
> You only get a chance to do stuff like this once!

--
William Colburn, "Sysprog" <wcolburn at nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn
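
The three HELO rules described in the reply above, sketched as an added example (not the author's milter code). The function names, passing the PTR lookup result in as an argument, the syntax-only domain test, accepting bracketed address literals, and applying the repeat-offender list regardless of reverse DNS are all assumptions.

```python
import re

BLOCKED_HELOS = {"163.net", "163.com"}  # repeat offenders named in the post
IMPERSONATED = {"hotmail.com"}          # provider named in the post
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def is_domain_name(helo):
    """Syntax check only: at least two valid labels and an alphabetic TLD."""
    labels = helo.rstrip(".").lower().split(".")
    if len(labels) < 2 or not labels[-1].isalpha():
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def check_helo(helo, ptr_name):
    """Return (accept, reason). ptr_name is the client's reverse DNS name, or None."""
    name = helo.strip().rstrip(".").lower()
    # Assumption: the repeat-offender list applies even when reverse DNS exists.
    if name in BLOCKED_HELOS:
        return False, "HELO on repeat-offender list"
    if ptr_name:
        return True, "client has reverse DNS"
    # From here on the client has no reverse DNS name.
    if name in IMPERSONATED:
        return False, "claims %s but has no reverse DNS" % name
    # Assumption: an address literal such as [192.0.2.1] is valid SMTP, so allow it.
    if name.startswith("[") and name.endswith("]"):
        return True, "address literal"
    if not is_domain_name(name):
        return False, "no reverse DNS and HELO is not a domain name"
    return True, "no rule matched"


if __name__ == "__main__":
    # First row is the case from the forwarded headers (218.104.54.232, no
    # reverse name in the Received line); the other rows are constructed.
    samples = [
        ("hotmail.com", None),
        ("hotmail.com", "mx1.hotmail.example"),
        ("friend", None),
        ("mail.example.edu", None),
        ("163.com", "host.example.net"),
    ]
    for helo, ptr in samples:
        print(helo, ptr, check_helo(helo, ptr))
```

In a real milter the reverse lookup happens at connect time and its result is handed to the HELO callback; here it is a plain argument so the logic can be tested offline.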


