elind Posted October 27, 2007 Posted October 27, 2007 While I'm at it I would like to ask a similar question on another spammer. I make it another thread because it is a little different in another way. This one also gets through having been sent to my spamcop email (I think). I typically get 5 or 6 perday. All identical but sent from all over the world, with a couple of Egyptian ISPs being prominent. (Link.net, Tedata.com). Why do they get through spamcop? However it is different from other spam in that the website listed at the bottom is a disguised website not picked up by spam filtering since they write it as "cures for sure com", not curesforsure.com. I have looked at the site and it seems to be a porn site, with no contact information. It traces to Simplenet.com, an ISP in California. I have called them and they acknowledge the site as being part of one of their clients, but they do nothing to remove it. I have to think they are willing spammer partners. Does anyone else receive these and is there any other way to stick it to simplenet? X-IronPort: hrndva-mx07.mail.rr.com 34764147 X-RR-Connecting-IP: 216.154.195.49 Received: from c60.cesmail.net ([216.154.195.49]) by hrndva-mxlb.mail.rr.com with ESMTP; 27 Oct 2007 07:42:19 +0000 Received: from unknown (HELO filter7.cesmail.net) ([192.168.1.217]) by c60.cesmail.net with SMTP; 27 Oct 2007 03:42:19 -0400 Received: (qmail 2602 invoked by uid 1010); 27 Oct 2007 07:42:18 -0000 Delivered-To: spamcop-net-elind[at]spamcop.net Received: (qmail 2590 invoked from network); 27 Oct 2007 07:42:18 -0000 X-spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on filter7 X-spam-Level: ************* X-spam-Status: hits=13.3 tests=HS_INDEX_PARAM,HTML_MESSAGE,MIME_HTML_ONLY, RDNS_DYNAMIC,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL, URIBL_WS_SURBL version=3.2.3 Received: from unknown (192.168.1.107) by filter7.cesmail.net with QMQP; 27 Oct 2007 07:42:18 -0000 Received: from dsl.dynamic8599200112.ttnet.net.tr (85.99.200.112) by mx70.cesmail.net with SMTP; 27 Oct 2007 07:42:17 -0000 Date: Sat, 27 Oct 2007 06:01:41 -0100 From: "John R. Murray" <uysvca[at]vcet.org> X-Mailer: Calypso Version 3.20.01.01 (4) X-Priority: 3 Message-ID: <18803518.20071027060141006888[at]vcet.org> To: elind[at]spamcop.net Subject: Bright side MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SpamCop-Checked: X-SpamCop-Disposition: Blocked SpamAssassin=13 X-SpamCop-Whitelisted: spamcop.net <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <body> <br> ==This is MEDFEST==<br> <br> All your favourite stuff Cures are finally on zale<br> <br> <a href="http://fcrhiw.mobytomb.net/?88448682">BuyRightNow</a><br> <br> <br> From<br> Cures for Sure com </body> </html>
StevenUnderwood Posted October 27, 2007 Posted October 27, 2007 Why do they get through spamcop? X-SpamCop-Whitelisted: spamcop.net Same reason, though I do not see the field used to match the whitelist on this one.
DavidT Posted October 27, 2007 Posted October 27, 2007 Same reason, though I do not see the field used to match the whitelist on this one. It was probably the Envelope Sender aka Return Path, which wasn't included in the example. DT
Recommended Posts
Archived
This topic is now archived and is closed to further replies.