Loading ...
Sorry, an error occurred while loading the content.

Re: how to stop facebook spam emails

Expand Messages
  • motty cruz
    Thank you Mr. Wietse, I added spamcop to my rbl since to be holding the line for now. Thank you very much!
    Message 1 of 7 , Jul 29 12:16 PM
    • 0 Attachment
      Thank you Mr. Wietse,
      I added spamcop to my rbl since to be holding the line for now. 

      Thank you very much!


      On Mon, Jul 29, 2013 at 12:04 PM, Wietse Venema <wietse@...> wrote:
      Viktor Dukhovni:
      > On Mon, Jul 29, 2013 at 09:37:19AM -0700, motty cruz wrote:
      >
      > > Hello, users in my domain are getting lots of spam emails from facebook
      > > such as this update+zj4o40c2_aay@...
      > >
      > > Received: from facebook.com (unknown [173.200.156.65])
      > >   by spamfilter.domain.com (Postfix) with ESMTP id CBE9B4562E5;
      > >   Mon, 29 Jul 2013 08:25:32 -0700 (PDT)
      >
      > Note, this is not actually from facebook, the mail is a forgery
      > and may be a phishing scam.
      ...
      > If none of the RBLs list this and lots of similar sources, you need
      > a spam content filter or milter that does.

      The IP address is listed at zen.spamhaus.org, bl.spamcop.net, and
      b.barracudacentral.org, and perhaps more.

              Wietse

    • Stan Hoeppner
      ... Motty, note that using bl.spamcop.net for direct rejection is discouraged by the Spamcop team. The chance of FPs is pretty high with this DNSBL. It is
      Message 2 of 7 , Jul 29 3:43 PM
      • 0 Attachment
        On 7/29/2013 2:16 PM, motty cruz wrote:
        > Thank you Mr. Wietse,
        > I added spamcop to my rbl since to be holding the line for now.

        Motty, note that using bl.spamcop.net for direct rejection is
        discouraged by the Spamcop team. The chance of FPs is pretty high with
        this DNSBL. It is recommended that you use bl.spamcop.net only in a
        scoring system such as SA and with a relatively low score. SA in fact
        does this with spamcop in the default configuration.

        Using Postscreen w/Zen and BRBL, along with client/sender/helo rhsbl
        checks against dbl.spamhaus.org, should REJECT 90-95% of your inbound
        spam connections including all bot spam. Then all you have to worry
        about is snowshoe. For that you'll need a good content filter, and/or
        much manual work building CIDR tables of revealed snowshoe networks.
        There exist both public and private mailing lists that specialize in
        publishing such snowshoe spammer CIDR ranges.

        > On Mon, Jul 29, 2013 at 12:04 PM, Wietse Venema <wietse@...>wrote:

        >> The IP address is listed at zen.spamhaus.org, bl.spamcop.net, and
        >> b.barracudacentral.org, and perhaps more.

        Just a few. ;) I omitted the APEWS listing, for obvious reasons.

        173.200.156.65 abuse.ch combined zone Listed
        173.200.156.65 abuse.ch spam blacklist Listed
        173.200.156.65 Barracuda Reputation Block List Listed
        173.200.156.65 CBL Listed
        173.200.156.65 Mailspike Blacklist Listed
        173.200.156.65 McAfee RBL Listed
        173.200.156.65 nsZones.com SBL Listed
        173.200.156.65 nsZones.com SBL+Dyn Listed
        173.200.156.65 Project Honey Pot (http:BL) Listed
        173.200.156.65 SORBS Aggregate zone (problems) Listed
        173.200.156.65 SORBS Spamhost (any time) Listed
        173.200.156.65 SORBS Spamhost (last 28 days) Listed
        173.200.156.65 SORBS Spamhost (last year) Listed
        173.200.156.65 SpamCop Blocking List Listed
        173.200.156.65 Spamhaus SBL-XBL Combined Block List Listed
        173.200.156.65 Spamhaus XBL Exploits Block List Listed
        173.200.156.65 Spamhaus ZEN Combined Block List Listed
        173.200.156.65 Unsubscribe Blacklist UBL Listed
        173.200.156.65 V4BL/DDNSBL Listed
        173.200.156.65 Hostkarma Listed
        173.200.156.65 Mailspike Reputation Listed
        173.200.156.65 Quorum.to Listed

        The fact that just about everyone in the DNSBL world is listing this IP,
        and you accepted mail from it, would suggest that you are fairly new to
        using DNSBLs, and anti-spam controls in general. It may prove valuable
        to search the list archives for "DNSBL" and/or "spam".

        --
        Stan
      Your message has been successfully submitted and would be delivered to recipients shortly.