Re: how to stop facebook spam emails
- Thank you Mr. Wietse,
I added spamcop to my rbl since to be holding the line for now.
Thank you very much!
On Mon, Jul 29, 2013 at 12:04 PM, Wietse Venema <wietse@...> wrote:
Viktor Dukhovni:
> On Mon, Jul 29, 2013 at 09:37:19AM -0700, motty cruz wrote:...
> > Hello, users in my domain are getting lots of spam emails from facebook
> > such as this update+zj4o40c2_aay@...
> > Received: from facebook.com (unknown [22.214.171.124])
> > by spamfilter.domain.com (Postfix) with ESMTP id CBE9B4562E5;
> > Mon, 29 Jul 2013 08:25:32 -0700 (PDT)
> Note, this is not actually from facebook, the mail is a forgery
> and may be a phishing scam.
> If none of the RBLs list this and lots of similar sources, you need
> a spam content filter or milter that does.
The IP address is listed at zen.spamhaus.org, bl.spamcop.net, and
b.barracudacentral.org, and perhaps more.
- On 7/29/2013 2:16 PM, motty cruz wrote:
> Thank you Mr. Wietse,
> I added spamcop to my rbl since to be holding the line for now.
Motty, note that using bl.spamcop.net for direct rejection is
discouraged by the Spamcop team. The chance of FPs is pretty high with
this DNSBL. It is recommended that you use bl.spamcop.net only in a
scoring system such as SA and with a relatively low score. SA in fact
does this with spamcop in the default configuration.
Using Postscreen w/Zen and BRBL, along with client/sender/helo rhsbl
checks against dbl.spamhaus.org, should REJECT 90-95% of your inbound
spam connections including all bot spam. Then all you have to worry
about is snowshoe. For that you'll need a good content filter, and/or
much manual work building CIDR tables of revealed snowshoe networks.
There exist both public and private mailing lists that specialize in
publishing such snowshoe spammer CIDR ranges.
> On Mon, Jul 29, 2013 at 12:04 PM, Wietse Venema <wietse@...> wrote:
>> The IP address is listed at zen.spamhaus.org, bl.spamcop.net, and
>> b.barracudacentral.org, and perhaps more.
Just a few. ;) I omitted the APEWS listing, for obvious reasons.
126.96.36.199 abuse.ch combined zone Listed
188.8.131.52 abuse.ch spam blacklist Listed
184.108.40.206 Barracuda Reputation Block List Listed
220.127.116.11 CBL Listed
18.104.22.168 Mailspike Blacklist Listed
22.214.171.124 McAfee RBL Listed
126.96.36.199 nsZones.com SBL Listed
188.8.131.52 nsZones.com SBL+Dyn Listed
184.108.40.206 Project Honey Pot (http:BL) Listed
220.127.116.11 SORBS Aggregate zone (problems) Listed
18.104.22.168 SORBS Spamhost (any time) Listed
22.214.171.124 SORBS Spamhost (last 28 days) Listed
126.96.36.199 SORBS Spamhost (last year) Listed
188.8.131.52 SpamCop Blocking List Listed
184.108.40.206 Spamhaus SBL-XBL Combined Block List Listed
220.127.116.11 Spamhaus XBL Exploits Block List Listed
18.104.22.168 Spamhaus ZEN Combined Block List Listed
22.214.171.124 Unsubscribe Blacklist UBL Listed
126.96.36.199 V4BL/DDNSBL Listed
188.8.131.52 Hostkarma Listed
184.108.40.206 Mailspike Reputation Listed
220.127.116.11 Quorum.to Listed
The fact that just about everyone in the DNSBL world is listing this IP,
and you accepted mail from it, would suggest that you are fairly new to
using DNSBLs, and anti-spam controls in general. It may prove valuable
to search the list archives for "DNSBL" and/or "spam".
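
The setup recommended in the reply above (Postscreen with Zen and BRBL, plus client/sender/helo RHSBL checks against dbl.spamhaus.org), sketched as a Postfix main.cf fragment. This is an added example, not configuration posted by anyone in the thread. The weights, the threshold, and the low-weight use of bl.spamcop.net inside postscreen scoring are assumptions; it also assumes Postfix 2.8 or later with the postscreen and dnsblog services enabled in master.cf.

```cfg
# main.cf fragment (constructed example; weights and threshold are assumed values)

# postscreen scores each connecting client IP across several DNSBLs
# before the connection is handed to smtpd.
# A Zen listing alone reaches the threshold. BRBL and SpamCop carry
# weight 1 each, so a listing on SpamCop only never causes a reject;
# it takes a second list agreeing with it.
postscreen_dnsbl_sites =
    zen.spamhaus.org*2
    b.barracudacentral.org*1
    bl.spamcop.net*1
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_action = enforce

# Domain-based (RHSBL) checks against the Spamhaus DBL for the client
# hostname, the envelope sender domain and the HELO name.
# The permit/reject_unauth_destination lines are the usual relay
# controls and are included only so the list is complete.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_rhsbl_client dbl.spamhaus.org
    reject_rhsbl_sender dbl.spamhaus.org
    reject_rhsbl_helo dbl.spamhaus.org
```

After `postfix reload`, postscreen logs a `DNSBL rank` line for each client that reaches the threshold, which shows which clients the weighted lists are rejecting.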