[Pool] Spam from pool list?

Dreamy timekeeper at dreamy.sk
Sat Apr 23 12:36:46 UTC 2011


Subject was "<this address> USA Pharmacy-Discount ID07228", and had From
<this address> and To also <this address> (where <this address> is
address I am only using in this list).

Spamassassin said:

Content preview:  Click here! [...] 

Content analysis details:   (31.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.4 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr
                            2)
 3.5 HELO_DYNAMIC_SPLIT_IP  Relay HELO'd using suspicious hostname (Split
                            IP)
 1.9 TVD_RCVD_IP            TVD_RCVD_IP
 2.1 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
 1.0 BAYES_60               BODY: Bayesian spam probability is 60 to 80%
                            [score: 0.7593]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.8 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of words
 1.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [200.234.111.49 listed in zen.spamhaus.org]
 3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.6 RCVD_IN_NJABL_PROXY    RBL: NJABL: sender is an open proxy
                            [200.234.111.49 listed in combined.njabl.org]
 2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: jeriitola.com]
 1.9 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: jeriitola.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: jeriitola.com]
 1.5 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: jeriitola.com]
 1.1 URIBL_RHS_DOB          Contains an URI of a new domain (Day Old Bread)
                            [URIs: jeriitola.com]
 0.0 HTML_SHORT_LINK_IMG_1  HTML is very short with a linked image
 1.2 DRUGS_ERECTILE_OBFU    Obfuscated reference to an erectile drug
 0.3 DRUGS_ERECTILE         Refers to an erectile drug
 0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS

...so it's a "pills" spam.

> What kind of spam have you got?
>
> Dreamy <timekeeper at dreamy.sk> schrieb:
>
>> How did they get my unique e-mail address dedicated for this list?
>> Maybe it is not enough protected in web mail archive, standard form
>> user at domain.tld is not secure and is collected by spambots... I'm
>> just guessing, but I can't imagine anything else.
>>
>>>> Hello,
>>>>
>>>> did anyone else get some spam from pool list lately?
>>> No.
>>>
>>> Cheers,
>>> David
>> _______________________________________________
>> pool mailing list
>> pool at lists.ntp.org
>> http://lists.ntp.org/listinfo/pool



More information about the pool mailing list