Mailing List Archive

Strange received headers
I'm getting a couple of mails today with the following header pair. Is
anyone else seeing this as well? Two IP addys in the Date header would be a
great spam sign if they're in there often... Also a received from an IP that
gives its full name as a different IP should be a good spam sign as well.

Received: from 130.89.1.92 ([211.208.72.64])
        by netlx010.civ.utwente.nl (8.11.7/HKD) with SMTP id i2I9Cqk12691;
        Thu, 18 Mar 2004 10:12:53 +0100
Date: 57.82.90.22 by 211.208.72.64; Thu, 18 Mar 2004 03:08:49 -0600




I'm also getting a lot of emails lately that have the following set of
headers in them (in the headers section or in the plaintext section as
text). I think that they're using them to trick the AOL spam filters or
something:

X-AOL-IP: 208.20.82.8
X-AOL-SCOLL-SCORE: 1:XXX:XX
X-AOL-SCOLL-URL_COUNT: 2

A rule that would check if the mail passed AOL and if not would penalize
these headers.

A rule that would look for X-headers in the text part of a message would
possibly be a good sign too.

Jesse
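
The four checks suggested in the message above, sketched as header-analysis code. This is an added example, not part of the original post and not a rule from any filter project; the sign names are hypothetical, and "passed AOL" is assumed to mean an aol.com host appearing in a Received header.

```python
import re
from email import message_from_string

IP = r"(?:\d{1,3}\.){3}\d{1,3}"
# "from <HELO name> ([<connecting IP>])", the Received layout quoted in the post
RECEIVED_RE = re.compile(rf"from\s+(\S+)\s+\(\[({IP})\]\)")

def suspicious_signs(raw):
    """Return the set of heuristics from the post that fire on a raw message."""
    msg = message_from_string(raw)
    signs = set()
    # 1. A Date header has no reason to contain an IP address.
    if re.search(IP, msg.get("Date", "")):
        signs.add("ip_in_date")
    # 2. HELO name that is itself an IP but differs from the connecting IP.
    received = msg.get_all("Received", [])
    for hdr in received:
        m = RECEIVED_RE.search(hdr)
        if m and re.fullmatch(IP, m.group(1)) and m.group(1) != m.group(2):
            signs.add("helo_ip_mismatch")
    # 3. X-AOL-* headers present although no Received line names an aol.com
    #    relay (assumption: that is what "passed AOL" means).
    has_aol_hdr = any(k.lower().startswith("x-aol-") for k in msg.keys())
    via_aol = any(re.search(r"\baol\.com\b", h, re.I) for h in received)
    if has_aol_hdr and not via_aol:
        signs.add("forged_aol_headers")
    # 4. X- header lines inside the text body (single-part messages only).
    body = msg.get_payload() if not msg.is_multipart() else ""
    if re.search(r"^X-[\w-]+:\s", body, re.M):
        signs.add("x_header_in_body")
    return signs

# Constructed sample: the header pair and X-AOL lines quoted in the post,
# combined into one message with a made-up body.
SAMPLE = (
    "Received: from 130.89.1.92 ([211.208.72.64])\n"
    "\tby netlx010.civ.utwente.nl (8.11.7/HKD) with SMTP id i2I9Cqk12691;\n"
    "\tThu, 18 Mar 2004 10:12:53 +0100\n"
    "Date: 57.82.90.22 by 211.208.72.64; Thu, 18 Mar 2004 03:08:49 -0600\n"
    "X-AOL-IP: 208.20.82.8\n"
    "\n"
    "Hello,\n"
    "X-AOL-SCOLL-URL_COUNT: 2\n"
)

if __name__ == "__main__":
    print(sorted(suspicious_signs(SAMPLE)))
```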