wtf: "Make her Smile bho c qpalx"
John E. Malmberg
wb8tyw at qsl.net
Thu Feb 6 12:30:44 GMT 2003
[posted and mailed]
Kätzler, Ralf wrote:
> Someone is kidnapping my mailaddress
Spammers will do that.
Maybe the bogofilters will catch the next one, but the filter automagic
learning works best when people do not quote the spam. With bogofilter
type filters, quoting the spam will lessen the weight of the keywords
extracted, as they will have shown up in a mail marked legitimate.
The spammers have found a way around many of the filters by sending
minimal text and a link to a picture of their spam message as they are
assuming that people have allowed the mail programs to automatically
open pictures on external links.
There is not enough text in the spam for the filter to use in most cases.
> - and someone has an open smtp-server ...
> Sorry, but there are always some kiddies out there with enough time for funny things.
The spam came from the address 22.214.171.124.
Abuse contact it tpg.com.au
listed in SPAMCOP(127.0.0.2) BOPM(127.1.0.20)
SpamCop Blacklist (SPAMCOP): Blocked -
Blitzed Open Proxy Monitor (BOPM): open proxy -
The address used to send the spam is an open proxy, not an open
smtp-server, but the effect is the same.
When an I.P. address is listed in BOPM, or proxies.relays.monkeys.com,
it is likely that all the e-mail from it will be spam. When the
spammers find one of these open-proxies, they send as much spam as they
can through it in bursts. For the other customers of the ISP with an
open-proxy, during these spam runs, this creates a denial of service attack.
So it is puzzling why the ISPs are not closing these open-proxies as
soon as they are reported.
The web page used for the main part of the spam is hosted by qwest.net.
The contact address is abuse at qwest.net.
The product advertised is likely either a placebo or a drug that is not
legal to sell in the U.S.
wb8tyw at qsl.network
Personal Opinion Only
More information about the samba-technical