email untouched by Spam Assassin?

19 posts Page 2 of 2
by Guest » Wed Oct 29, 2014 11:35 am
FWIW, I'm also getting a ton of new spammy crap lately with subjects including stuff like "A registered-child-offender has moved into your-area" and "Medicare-Open Enrollment Information". In trying to see if there was anything Spam Assassin-able in these, I discovered that they are all coming from addresses where the TLD is ".link". A quick look through my mail shows a grand total of ZERO messages that I have ever received from a .link address that was a legitimate email. I'm gonna try just blacklisting everything coming in from "*@*.link" and see if that helps. And of course, your mileage may vary.
by linelle » Wed Oct 29, 2014 1:15 pm
Guest Guest, I believe you're on to something.
by ben » Tue Nov 11, 2014 1:10 pm
linelle wrote:Guest Guest, I believe you're on to something.
Definitely on to something. Blacklisting *@*.link *@*.me *@*.mobi has slowed my spam flood to a trickle. Nice catch, guest guest.
by Guest » Tue Nov 11, 2014 2:22 pm
You're welcome. I noticed today a new rash of goodies coming in from Austria (*@*.co.at). They may be the next to go....
by Ben » Thu Nov 20, 2014 12:49 pm
I have 3 spams that made it through today despite being from TLDs I have blacklisted. None of the 3 have X-Spam headers and all 3 were received by m.mx.sonic.net.
by Rob » Tue Nov 25, 2014 9:11 am
On 11/22/14 Saturday AM ~ 4:45 to 4:48 an email spoofing 'sonic webmail team' sent to Sonic users and others possibly, displayed a link to click which spoofed 'login to your sonic account' but led to a .ke address containing a Windows Java exploit which installed CryptoWall, an insidious malware-ransomware that prompts the affected user to pay a hefty sum via the Tor browser, or lose access to all files on their hard drive. FYI
by Guest » Tue Dec 09, 2014 12:05 pm
Ben wrote:I have 3 spams that made it through today despite being from TLDs I have blacklisted. None of the 3 have X-Spam headers and all 3 were received by m.mx.sonic.net.
I was still getting a few as well, but noted in the full headers that there were (dot) subdomains in all of them, so I added more wildcards, so there are now 4 blacklisted on each offending TLD, e.g.:

*@*.mobi (the original)
*@*.*.mobi
*.*@*.mobi
*.*@*.*.mobi

...and nothing at all from .mobi, .me, or .link since. Don't know if these additions actually did the trick, or if Sonic themselves fixed something to catch them.
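Added example, not part of the thread: the posts do not say how the blacklist expands `*`, so this sketch runs the four .mobi patterns from the post above against constructed sender addresses under two assumed interpretations (`*` crossing dots, or `*` stopping at `.` and `@`). The function names and sample addresses are hypothetical.

```python
import re
from email.utils import parseaddr

# The four patterns listed in the post above, for the .mobi TLD.
PATTERNS = ["*@*.mobi", "*@*.*.mobi", "*.*@*.mobi", "*.*@*.*.mobi"]

def compile_glob(pattern, star_crosses_dots):
    """Turn a blacklist glob into an anchored, case-insensitive regex.

    star_crosses_dots=True : '*' matches any run of characters (assumption A)
    star_crosses_dots=False: '*' stops at '.' and '@' (assumption B)
    """
    star = ".*" if star_crosses_dots else "[^.@]*"
    body = "".join(star if ch == "*" else re.escape(ch) for ch in pattern)
    return re.compile(r"\A" + body + r"\Z", re.IGNORECASE | re.DOTALL)

def matching_patterns(from_header, star_crosses_dots):
    """Return the patterns that match the address in a From: header value."""
    addr = parseaddr(from_header)[1]
    return [p for p in PATTERNS if compile_glob(p, star_crosses_dots).match(addr)]

def first_pattern_suffices(senders, star_crosses_dots):
    """True if every sender caught by any pattern is caught by the original one."""
    for sender in senders:
        hits = matching_patterns(sender, star_crosses_dots)
        if hits and PATTERNS[0] not in hits:
            return False
    return True

# Constructed sample From: headers, one per address shape, plus a control.
SAMPLES = [
    "Offers <news@example.mobi>",
    "Offers <news@mail.example.mobi>",
    "Offers <daily.news@example.mobi>",
    "Offers <daily.news@mail.example.mobi>",
    "Friend <pal@example.com>",
]

if __name__ == "__main__":
    for label, crosses in (("A: * crosses dots", True), ("B: * stops at dots", False)):
        print(label)
        for sender in SAMPLES:
            print("  %-40s %s" % (sender, matching_patterns(sender, crosses)))
        print("  original pattern alone is enough:", first_pattern_suffices(SAMPLES, crosses))
```

Under assumption A the original `*@*.mobi` already matches every .mobi shape, so the three extra patterns change nothing; under assumption B each pattern matches exactly one shape and all four are needed.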
by Ben » Tue Dec 09, 2014 4:35 pm
Guest wrote:...and nothing at all from .mobi, .me, or .link since. Don't know if these additions actually did the trick, or if Sonic themselves fixed something to catch them.
I think this is probably what fixed it: https://corp.sonic.net/status/2014/11/2 ... -resolved/
by ankh » Sat Jan 17, 2015 12:01 pm
really nasty java exploit

by Guest Rob » Tue Nov 25, 2014 10:11 am
On 11/22/14 Saturday AM ~ 4:45 to 4:48 an email spoofing 'sonic webmail team' sent to Sonic users and others possibly, displayed a link to click which spoofed 'login to your sonic account' but led to a .ke address containing a Windows Java exploit which installed CryptoWall, an insidious malware-ransomware that prompts the affected user to pay a hefty sum via the Tor browser, or lose access to all files on their hard drive. FYI
Good lord, and this is the first I hear about it?
Does this mean Sonic detected it and throttled it after three minutes' total time?

I remember seeing it, recognizing it as fake and deleting the damned thing.

Damn.