Everything posted by JosephK

  1. Yahoo's #4 listing may have more to do with Yahoo hosting the spammers' websites as opposed to the sending of spam. (Although I could be wrong.)
  2. Assuming your email server is at, you do not seem to be in any of the major blocklists. You will probably need to post one of the rejection notices. -- Just a happy user, JosephK
  3. Has anyone tested the security of yahoo groups lately? A few months ago, someone attempted to add me to their list without my consent. I received a confirmation email as one would expect from a confirmed opt-in system.
  4. My reading of those headers indicates that your university account is autoforwarding to your yahoo account. At a minimum turning off the autoforward would solve the problem. However, if you are not at the U any more, why is this account still active?
  5. I am a very big fan of MailWasher. However, as Wazoo points out, the bounce feature is 99% useless due to forged addresses and fake ones. There are also questions about it violating most ISP TOS. Having been a victim of forgeries on more than one occasion, the last thing anyone needs are fake bounces added to the list of real ones.
  6. On the reporting screen there should be a checkbox for viewing the technical details, or something like that. It will give you a better idea of who, why, and why not.
  7. A very quick parsing by hand leads me to guess that the SpamCop parser is getting confused by the header Received: from amavis by mail.acslink.net.au // with scanned-ok (Exim 3.36 #1 (Debian)) id 1Be0lf-0006hS-00 for <x>; Sat, 26 Jun 2004 10:10:03 +1000 since "amavis" can not be identified. Bad server config, maybe? This assuming that the server(s) at [216.154.195.*] are the ones being falsely accused. My second guess is that SC gets confused at Received: from unknown ( // internal server by blade2.cesmail.net with QMQP; // 25 Jun 2004 14:15:53 -0000 due to the internal server being in the middle of the chain. My very quick guess is that the spam is coming in at tahoe.dnsrouter.com ([]) which may or may not be accurately reporting where it got the message from. OK, and a bit more research shows your jazzalburywodonga.com server to be Name: tahoe.dnsrouter.com IP Address: Given that, looks like you might have an open proxy or open relay or a bad mailform script on your server.
  8. One of the latest spams from refifast.biz was missing the quotes on the URLs in the HREF tags (quoted-printable encoding). Interestingly all the IMG tags had the quotes. The SC parser did not find any of the HREF tags. Inserting the quotes fixed that problem, but it might be pointing to a bug in the parser. Off the top of my head, I don't recall whether the quotes are required by the HTML spec.
  9. The webbugs/webbeacons are usually simple 1x1 pixel images requested via the standard http requests inside an HTML email. The spammer then has his web servers log all the requests. If you are running a software firewall on the computer you are reading email from, you should be able to configure the firewall to eat/block all http requests from your email reader. This will let you view the HTML formatting without downloading any of the bugs/beacons. However, it will also prevent viewing of ANY linked pictures (but that is what the beacons are).