
 

www.33-99.com spam

 
www.33-99.com spam - 11.Oct.2009 2:28:25 PM   
Frelisb

 

Posts: 23
Status: offline
We are receiving lots of spam with just "Fw:" as Subject. The body content is a large picture with a name underneath. In the picture is the text Viagra/Female Viagra/Cialis/Levitra along with some pictures of the pills. Also the text "www.33-99.com" in large, red type.

The name ("Rachael Draper" in the example underneath), the Sender name/Address and the picture link changes from mail to mail. It is also sent from different mail servers each time. Here is an example of the body text source:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=koi8-r">
<STYLE>
p, li { white-space: pre-wrap; }
</STYLE>
</HEAD>
<BODY>
<img src="cid:4278238515.N6V3537F184126@ycsrbkyho.ttillockfwqwr.biz" alt="" border="0">
<p><span style="font-size: 8px;">
Rachael Draper
</span></p>
</BODY></HTML>

Does anyone have any idea how to stop this kind of spam? It is hitting us in the thousands every day and getting through to our mailboxes. We have of course added these mails repeatedly (in the hundreds) to the Bayesian Filter for training, but without effect.

< Message edited by Frelisb -- 11.Oct.2009 2:31:15 PM >
Post #: 1
RE: www.33-99.com spam - 12.Oct.2009 3:40:28 AM   
Nicks

 

Posts: 2741
Joined: 17.Mar.2003
Status: offline
Hi,

Do you use the SpamRazer engine, DNS Blacklists and the Zombie check? These should block the emails based on the sender's IP address, and would thus not be fooled by the text in the image.

_____________________________

Nicholas Sciberras
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software

(in reply to Frelisb)
Post #: 2
RE: www.33-99.com spam - 12.Oct.2009 7:14:15 AM   
Frelisb

 

Posts: 23
Status: offline
Hi,

Zombie check and Spamrazer are activated, not DNS Blacklists as we have experienced very many false positives when DNS Blacklist is activated. In case we were to activate Blacklist, which blacklists are "safe" to use (not giving an excess of false positives)?

We were hoping that the "Check if email contains remote images only" would stop these, but that does not seem to be the case...

Any further advice would be appreciated.

(in reply to Nicks)
Post #: 3
RE: www.33-99.com spam - 12.Oct.2009 7:23:22 AM   
Nicks

 

Posts: 2741
Joined: 17.Mar.2003
Status: offline
Hi,

The DNS Blacklists is a sort of personal preference. zen.spamhaus.org seems to be the preferred DNS Blacklist.

_____________________________

Nicholas Sciberras
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software

(in reply to Frelisb)
Post #: 4
RE: www.33-99.com spam - 12.Oct.2009 12:53:21 PM   
Frelisb

 

Posts: 23
Status: offline
Hi,

Zombie check, SpamRazer and the zen.spamhouse.org black list are all now activated. A few are blocked by this combination, but the majority gets through.

Why is the "Check if email contains remote images only" not blocking these mails (see source code above)?

Please advise


Kind regards

(in reply to Nicks)
Post #: 5
RE: www.33-99.com spam - 13.Oct.2009 1:09:27 PM   
RSP

 

Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
You do not mention which version of ME you are using, or information about your server setup.

If you're using ME14, what does your Dashboard say happened to the messages as they pass through? If it says "Whitelisted", then you need to go through your whitelist with a fine-toothed comb and remove entries that match the emails.

Note that you will get absolutely no effect by adding the message to the Bayesian filter because they contain no usable or common text; the Bayesian filter only works against the text in the message body.

The message has an embedded image, not a remote image. Embedded image checks are enabled by default in later versions of ME12.

See the following articles:
http://kbase.gfi.com/showarticle.asp?id=KBID002763
http://kbase.gfi.com/showarticle.asp?id=KBID003142

And finally, just in case it wasn't a spelling mistake, the black list is zen.spamHAUS.org.

_____________________________

Disclaimer: I don't work for GFI, I just use their products.

(in reply to Frelisb)
Post #: 6
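The embedded-versus-remote distinction from post #6, as an added example that is not part of the original thread and is not GFI MailEssentials code: it classifies each `<img>` source in an HTML body as embedded (`cid:`) or remote (`http`/`https`) and counts the visible words a text-based filter would have to work with. The names `BodyScan`, `classify_body` and `MAX_WORDS`, the word threshold and the remote URL are assumptions made for illustration; the sample body is condensed from post #1.

```python
from html.parser import HTMLParser

MAX_WORDS = 5  # assumed cut-off for "no usable text"; not a MailEssentials setting

class BodyScan(HTMLParser):
    """Collect image sources and visible words from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.images, self.words, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._skip += 1                      # CSS/JS is not visible text
        elif tag == "img":
            src = (dict(attrs).get("src") or "").strip()
            scheme = src.partition(":")[0].lower()
            kind = {"cid": "embedded", "http": "remote",
                    "https": "remote"}.get(scheme, "other")
            self.images.append((kind, src))

    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words.extend(data.split())

def classify_body(html):
    scan = BodyScan()
    scan.feed(html)
    scan.close()
    kinds = {kind for kind, _ in scan.images}
    if len(scan.words) > MAX_WORDS or not kinds:
        verdict = "has-text-or-no-image"
    elif kinds == {"remote"}:
        verdict = "remote-image-only"            # what a remote-image check matches
    elif kinds == {"embedded"}:
        verdict = "embedded-image-only"          # needs an embedded-image check
    else:
        verdict = "mixed-images"
    return {"verdict": verdict, "words": len(scan.words), "images": scan.images}

POSTED_SRC = "cid:4278238515.N6V3537F184126@ycsrbkyho.ttillockfwqwr.biz"
# Condensed from the body posted in post #1.
POSTED = ('<HTML><HEAD><STYLE>p, li { white-space: pre-wrap; }</STYLE></HEAD><BODY>\n'
          '<img src="' + POSTED_SRC + '" alt="" border="0">\n'
          '<p><span style="font-size: 8px;">\nRachael Draper\n</span></p>\n'
          '</BODY></HTML>')
# Constructed variant: same body with a remote image URL instead of a cid: reference.
REMOTE = POSTED.replace(POSTED_SRC, "http://img.example.invalid/pills.jpg")
```

Running `classify_body(POSTED)` shows why the remote-image rule never fires on this message and why Bayesian training has only the two-word name to learn from.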