[Pool] Spam from pool list?
timekeeper at dreamy.sk
Sat Apr 23 12:36:46 UTC 2011
Subject was "<this address> USA Pharmacy-Discount ID07228", and had From
<this address> and To also <this address> (where <this address> is
address I am only using in this list).
Content preview: Click here! [...]
Content analysis details: (31.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
1.9 TVD_RCVD_IP TVD_RCVD_IP
2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
0.0 HTML_MESSAGE BODY: HTML included in message
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[220.127.116.11 listed in zen.spamhaus.org]
3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
1.6 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[18.104.22.168 listed in combined.njabl.org]
2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
0.0 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
1.2 DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
0.3 DRUGS_ERECTILE Refers to an erectile drug
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
...so it's a "pills" spam.
> What kind of spam have you got?
> Dreamy <timekeeper at dreamy.sk> schrieb:
>> How did they get my unique e-mail address dedicated for this list?
>> Maybe it is not enough protected in web mail archive, standard form
>> user at domain.tld is not secure and is collected by spambots... I'm
>> just guessing, but I can't imagine anything else.
>>>> did anyone else get some spam from pool list lately?
>> pool mailing list
>> pool at lists.ntp.org
More information about the pool