
LOTS of "stock pumping" suddenly slipping through



I don't know about the rest of you with SC/Cesmail email accounts, but I've seen a sudden increase of false negatives slipping through into my inbox... especially a bunch of stock pumping messages. I saw several brief topics about this over in the "spamcop.mail" newsgroup, and one person said that the CBL blocklist option *should* be catching these, but from what I'm seeing, there *might* be a problem with SC's connection to that blocklist.

Here are two TUs from stock pump spams that when processed, appear to come from sources listed on the CBL, and yet despite the CBL being one of my selected blocklists, they're getting through:

http://www.spamcop.net/sc?id=z893629776zd3...dffd2c9ddbfb0cz

http://www.spamcop.net/sc?id=z893630493zb1...7ff4182a53754bz

Those are only two of MANY such things that have been hitting my inbox over the last few days. Did I miss some previous discussion of that here?

DT


This may be an issue of timing. Here is a spam spew timeline:

1) Spam spew starts

2) SpamCop user checks their mail, sees spam and reports it

3) Spam source gets listed on the SCBL

4) Further emails from this spam source blocked by the SCBL

5) Spam spew stops

If you are near the top of the spammer's mail list, chances are good that the mail will be in your inbox before their sending server gets listed.

If I'm not mistaken, SpamCop processes the blocklists when mail arrives, not when you check it, so if the source wasn't listed at the time the message was received, it will make it to your inbox and won't be checked again later when you log on.


You're on the right track...but this doesn't necessarily have to do with the SCBL. I'm talking about stuff that should be blocked due to listing on a third-party BL that I've selected in my "options."

But, related to what you've written, here's what I just posted in the NG:

I've done a little more research on the flood of false negatives making it into my SC inbox, and although all of the IPs I've checked so far are listed on the CBL, the listing times were less than half an hour before their arrivals at the SC mail servers, so maybe the SC servers aren't doing "realtime" queries of the CBL when processing incoming email? Here's an example:

CBL lookup:

IP Address 221.199.146.98 was found in the CBL.

It was detected at 2006-03-09 12:00 GMT (+/- 30 minutes).

Spam received:

by mx53.cesmail.net with SMTP; 9 Mar 2006 12:32:40 -0000

So, although if things were functioning ideally, that spam should have been blocked, we might be looking at stuff that's getting by just under the wire, before the SC system can tell that the CBL is listing them.

DT
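
The timing comparison described in the post above, as an added example that is not part of the original thread: it parses the CBL detection line and the Received timestamp quoted there and classifies the arrival against the listing window. The `refresh_lag` parameter (how stale the receiving server's copy of the list might be) and the three labels are assumptions for illustration, not known SpamCop behaviour.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Matches the CBL lookup wording quoted in the post.
CBL_RE = re.compile(
    r"detected at (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) GMT \(\+/- (\d+) minutes\)")

def parse_cbl_detection(text):
    """Return (detection time in UTC, +/- tolerance) from a CBL lookup line."""
    m = CBL_RE.search(text)
    if not m:
        raise ValueError("no CBL detection time found")
    when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
    return when.replace(tzinfo=timezone.utc), timedelta(minutes=int(m.group(2)))

def parse_received_time(header):
    """Return the UTC timestamp that follows the last ';' of a Received line."""
    _, sep, stamp = header.rpartition(";")
    if not sep:
        raise ValueError("Received line has no ';' timestamp part")
    dt = parsedate_to_datetime(stamp.strip())
    if dt.tzinfo is None:
        # A "-0000" zone is returned as a naive datetime; it is UTC clock time.
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def classify(detected, tolerance, received, refresh_lag=timedelta(0)):
    """Compare arrival time with the window in which the listing became visible.

    refresh_lag is a hypothetical delay between the CBL listing an IP and the
    receiving server's copy of the list reflecting it.
    """
    earliest = detected - tolerance
    visible_by = detected + tolerance + refresh_lag
    if received < earliest:
        return "before-listing"      # blocklist could not have caught it
    if received < visible_by:
        return "race"                # listing may not have been visible yet
    return "listed-on-arrival"       # a lookup at delivery should have hit

# Values copied from the post above.
CBL_LINE = "It was detected at 2006-03-09 12:00 GMT (+/- 30 minutes)."
RECEIVED = "by mx53.cesmail.net with SMTP; 9 Mar 2006 12:32:40 -0000"

if __name__ == "__main__":
    detected, tol = parse_cbl_detection(CBL_LINE)
    received = parse_received_time(RECEIVED)
    for lag in (0, 15):  # minutes; 15 is a constructed value
        print(lag, classify(detected, tol, received, timedelta(minutes=lag)))
```

With no lag the quoted message arrives 2 minutes 40 seconds after the latest possible listing time, so any delay longer than that in seeing the listing puts it in the "race" window.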


You're on the right track...but this doesn't necessarily have to do with the SCBL. I'm talking about stuff that should be blocked due to listing on a third-party BL that I've selected in my "options."


I can't say that I've noticed this issue with my SpamCop Email account. But I do have my SpamAssassin trigger level set very low (2) so my guess is that these messages are caught on the basis of content rather than a block list.

Andrew


Archived

This topic is now archived and is closed to further replies.
