rsh@idirect.com Posted February 6, 2005 Share Posted February 6, 2005 Just received the following and will likely be told by SpamCop that it is over 2 days old, when it is NOT and in fact the sender deliberately is using a stale date. I get a number of these. Is there any solution to this problem? -------------------------------------------------------------- Return-path: <oaoai[at]pisem.net> Envelope-to: rsh[at]idirect.com Delivery-date: Sun, 06 Feb 2005 08:55:21 +0000 Received: from adsl-67-120-101-247.dsl.snfc21.pacbell.net ([67.120.101.247] helo=pisem.net) by keymaster.look.ca with smtp (Exim 4.20) id 1CxiCP-0002pJ-0r for rsh[at]idirect.com; Sun, 06 Feb 2005 08:55:21 +0000 Date: 1 Dec 2004 08:49:47 -0600 From: Paula Mcdowel <oaoai[at]pisem.net> To: <rsh[at]idirect.com> Message-ID: <20041201084947.Lt9KwnepnrKV[at]pisem.net> X-SA-Exim-Mail-From: oaoai[at]pisem.net Content-type: text/plain Subject: [spam] R0lex starting under $200 X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on chi.look.ca X-spam-Level: X-spam-Status: No, hits=-98.2 required=9.0 tests=DATE_IN_PAST_96_XX, USER_IN_ALL_SPAM_TO autolearn=no version=2.63 X-SA-Exim-Version: 3.1 (built Tue Feb 24 05:09:27 GMT 2004) X-SA-Exim-Scanned: Yes X-Text-Classification: spam X-POPFile-Link: http://127.0.0.1:8081/jump_to_message?view=33 Authentic Replica Roleex wrist-watches here We are offering Genuine Replica Roleex wrist-watches for a superb pricee ! http://srlmfzjp.ichbhhebfi.com/?M2OiilhmWRnofMM2g6A Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 6, 2005 Share Posted February 6, 2005 The parser uses the date from the first trusted received line (only one such header in your example). The date the parser should get is: Sun, 06 Feb 2005 08:55:21 +0000 From: Received: from adsl-67-120-101-247.dsl.snfc21.pacbell.net ([67.120.101.247] helo=pisem.net) by keymaster.look.ca with smtp (Exim 4.20) id 1CxiCP-0002pJ-0r for rsh[at]idirect.com; Sun, 06 Feb 2005 08:55:21 +0000 If you have a parse that shows differently for this spam, please paste the tracking URL here for examination. From your post: "will likely be told by SpamCop", it appears you have not tried. Link to comment Share on other sites More sharing options...
rsh@idirect.com Posted February 6, 2005 Author Share Posted February 6, 2005 Okay... so I have to watch for one that rejects on date. You are correct and this one did not, so it turns out to have been a poor example. Will post the next one that meets the criteria you cover. TIA Link to comment Share on other sites More sharing options...
get-even Posted February 7, 2005 Share Posted February 7, 2005 idirect.com,Feb 6 2005, 09:46 AM]Just received the following and will likely be told by SpamCop that it is over 2 days old, when it is NOT and in fact the sender deliberately is using a stale date. I get a number of these. Is there any solution to this problem? -------------------------------------------------------------- ... http://srlmfzjp.ichbhhebfi.com/?M2OiilhmWRnofMM2g6A 23986[/snapback] The hotmail account listed in the 'whois' data from the domain is invalid. File a report with wdprs.internic.net and with the registrar (i.e. itsyourdomain.com for this one). BTW. I've gotten blacklisted literally dozens of domains by the same registrant over the past two weeks. Getting the domain revoked is extra work I haven't (yet) bothered with (he used lots of registrars and the relatively `new' spam DNS servers {first,second,third}.cuzdns.com). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.