[Coco] How did this spam from an open proxy get through a moderated list?

John E. Malmberg wb8tyw at qsl.net
Sat Apr 30 21:01:16 EDT 2005


: Original-Received: from unknown (HELO 216.92.131.37) (220.126.249.150)
:	by qs281.pair.com with SMTP; 30 Apr 2005 22:39:12 -0000

Absolute spam indicator when external mail server says HELO with the
I.P. address of the receiving mail server instead of its name.

A mail server should be configured to just issue an SMTP 550 code to it,
the message text does not matter since it did not come from

: http://www.spamhaus.org/query/bl?ip=220.126.249.150

This list is also known for zero false positives.

No rDNS at all, is an over 90% indication that the mail is spam.

When a mail server says hello with anything other than its rDNS name,
that is suspicious, but allowed by RFC, so I have been told.

I am also told that all servers connected to the internet including mail
servers are required to have a working rDNS name by RFC.

Looks like a spammer is spoofing that they are coming from a subscribed
user.  Since gmane munged it, I cannot tell which one.

I do not think that this forum has any subscribers in Korea and if there
are, they would not be using an improperly configured mail server that is
deliberately lying about its origin, that has been confirmed to be
sending e-mail to non-existent e-mail addresses.

-John
wb8tyw(at)qsl.net
Personal Opinion Only
-- 
It appears gmane is not accepting posts from my Adelphia I.P. address at 
this time.  So apologies if this is a duplicate.

The irony, my post gets blocked for an unknown reason, yet a trivial-to-
detect spam makes it through.
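
The HELO check described in the message above, as an added example that is not part of the original post or of any mail server's own code. It parses the qmail-style Received line quoted in the post and reports the indicators the post names; the function names are hypothetical, and the receiving server's address is taken from the post's statement rather than looked up.

```python
import ipaddress
import re

# qmail-style trace line: from <rDNS name> (HELO <arg>) (<peer IP>) by <receiving host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?:[^@)\s]+@)?(?P<peer>[0-9A-Fa-f.:]+)\)\s+by\s+(?P<by>\S+)"
)

def as_ip(text):
    """Parse a bare or [bracketed] address literal; return None for hostnames."""
    try:
        return ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None

def helo_findings(received, local_ips):
    """Return the indicators found in one Received line (None if unparsable)."""
    m = RECEIVED_RE.search(received)
    if m is None or as_ip(m["peer"]) is None:
        return None
    helo_ip, peer = as_ip(m["helo"]), as_ip(m["peer"])
    ours = {ipaddress.ip_address(ip) for ip in local_ips}
    findings = []
    if helo_ip in ours or m["helo"].lower() == m["by"].lower():
        findings.append("helo-claims-receiver-identity")
    elif helo_ip is not None and helo_ip != peer:
        findings.append("helo-ip-differs-from-peer")
    if m["rdns"].lower() == "unknown":  # read here as: no rDNS name for the peer
        findings.append("no-rdns")
    return findings

def smtp_reply(findings):
    """550 only for the indicator the post calls absolute; the rest are for scoring."""
    if findings and "helo-claims-receiver-identity" in findings:
        return 550, "HELO rejected"
    return 250, "ok"

# Header from the post, unfolded and without gmane's ":" quoting.
POST_HEADER = ("from unknown (HELO 216.92.131.37) (220.126.249.150)\n"
               "\tby qs281.pair.com with SMTP; 30 Apr 2005 22:39:12 -0000")
# Constructed sample of a well-behaved sender (documentation address range).
CLEAN_HEADER = ("from mail.example.org (HELO mail.example.org) (192.0.2.10)\n"
                "\tby qs281.pair.com with SMTP; 30 Apr 2005 22:40:00 -0000")
# Assumption taken from the post: 216.92.131.37 is the receiving server's own address.
LOCAL_IPS = ["216.92.131.37"]

if __name__ == "__main__":
    for header in (POST_HEADER, CLEAN_HEADER):
        found = helo_findings(header, LOCAL_IPS)
        print(found, smtp_reply(found))
```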




