![]() |
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Search this Thread | Display Modes |
#6
|
|||
|
|||
![]()
"F. H. Muffman" wrote:
Yes it does, if we are talking about e-mail SPAM, which I am. How do you know it was 'forged'? How do you know that the email was *not* created by the application in question? Because it was direct-to-MX, from an IP address listed on a DNSRBL, and because of the nature of the payload (bitmap drug spam). When you're talking about zombie-spam, you're talking about a customized SMTP engine where the spammer has designed the spam to look legit. Consider this. I run an SMTP server for a small corporate domain. I don't have an MX record! Why? Because my A-record points to my SMTP server. Under SMTP rules, MX lookup failures are supposed to fall back to the domain's A-record. So bingo, I continue to receive mail. But guess what - about 75% of zombies don't follow the rules, so when they get an MX lookup failure for my domain they chug right along and send out the next spam to the next recipient. Ok, so 25% of zombie spam gets through. But in my case, 1/2 of that has "The Bat" in the X-mailer line. So guess what I do - yup - that stuff goes right into my spam folder. Of the remaining stuff, I have a few dozen rules, most of it based on what's in the header, and some of that is the OE version. Now I can easily check all of my 60k e-mails going back to 1997 and see if any new spam detection rule would turn up positive on a "good" e-mail that I've received in the past. I'm seeing some of these OE versions where the version is something like 5.00 or 5.50 and either I've never gotten a "good" e-mail with that version, or that last time I did get a good e-mail was maybe 4 or 5 years ago - so I consider the odds that I'm going to get another valid e-mail from someone that hasn't updated their computer for 5 years. If the spammers want to help me that much by forging their spam with such an old version of OE then why not take advantage of it? |
Thread Tools | Search this Thread |
Display Modes | |
|
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
reduce spam by sending a mailer-daemon? | cln | Outlook - General Queries | 2 | May 3rd 07 02:54 PM |
Email address line question | eli | Outlook - General Queries | 1 | April 3rd 07 10:17 PM |
I tryed deleting line MAILER-DAEMON in Outllook mail, it didn't wo | Ben from ncaddnj | Outlook - Using Contacts | 0 | September 27th 06 07:12 PM |
japanese outlook 2k is showing question marks in the subject line | mcgauran -- daiwa securities | Outlook - Installation | 1 | June 8th 06 02:18 PM |
Cannot get Outlook Express to connect on line | Blair | Outlook Express | 3 | April 21st 06 06:24 PM |