Jump to content

Mailwasher false positives?


Black Tiger
 Share

Recommended Posts

I just got mail from the following domains a couple of minutes ago:

businessCompleet (dot) nl

e.vistaprint (dot) com

sat-television (dot) com

vbulletin (dot) org

Mailwasher stated them (status row) as being blacklisted. When pointing with the mouse on them, the name RBL Spamcop came up.

However, I checked the ip adresses of these domains with the checkblock option on the Spamcop site, the adresses are not listed (and they should not be listed).

Is this a false positive of Mailwasher pro (never seen a false positive before) or does the list check not work 100% the same as Mailwasher?

Unfortunately I already deleted the mails except the one from businesscompleet, but I can't find any strange things in the header, also checked ip adres and sender base.

Anybody any clue why Mailwasher (5.3) reported them as being present on the Spamcop blacklist?

Link to comment
Share on other sites

This is just a wild guess because I don't really know the technical details. The reason could be that the websites had just aged off the spamcop blocklist and that your Mailwasher was using a mirrored version that hadn't updated yet or some other version of not being updated - such as how often Mailwasher checks.

I don't know how much you know about spamcop, but the blocklist is automatic - no spam reported and the IP address drops off the list.

Miss Betsy

Link to comment
Share on other sites

...Mailwasher stated them (status row) as being blacklisted. When pointing with the mouse on them, the name RBL Spamcop came up. ...
My knowledge of Mailwasher is second-hand but, as you realize, MW talks about domains and SC talks about IP addresses. And the reason MW's phony bounce facility is utterly reviled in these precincts is because the From: or Reply to: addresses in spam are almost always forged so the distraught recipient of such bounces (if used for spam) is an innocent 3rd party. Putting it all together, I suspect MW is not telling you the IP addresses that the Block List feature is actually blocking on. So when you pull up the address of the forged domain, you are naturally getting no correspondence with the SCbl. Just a stab in the dark.

If you get a free reporting account you can actually see the details of all this stuff. Not a bad way to learn how to read headers, which is the only way to be reasonably sure of the actual origins of the spam (they sometimes forge parts of the relays/hand-on section of the headers too but SC almost always detects that as well).

Link to comment
Share on other sites

I just got mail from the following domains a couple of minutes ago:

businessCompleet (dot) nl

e.vistaprint (dot) com

sat-television (dot) com

vbulletin (dot) org

Mailwasher stated them (status row) as being blacklisted. When pointing with the mouse on them, the name RBL Spamcop came up.

That description seems to imply that something is wrong with MailWasher. The SpamCopDNSBL has nothing to do with Domain names.

Perhaps you'd get something more definite by asking over on the MailWasher support venues?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...