Mailing List Archive: BigEvil and edgar-online

BigEvil and edgar-online

Mar 9, 2004, 6:01 AM

Post #1 of 7 (629 views)

A user of my mail system just sent me an FP that hit on BigEvilList_181.
It's from edgar-online.com. From what it looks like, he actually
subscribed to something. Is it possible that this uri should not be
part of the rule? For now, I guess I can either whitelist
*@edgar-online.com, since that's where the email originated, or I can
change the score of this entire rule to 0. Any suggestions?

uri BigEvilList_181
/\b(?:extreme-rapes\.com|excaliburproducts\.com|evansezmoney\.estarnetwo
rk\.com|enjoyadvanced097\.org|emedorders\.com|email\.homemadesimple\.com
|ehostzzz\.net|e-g\.com|efreedomweb\.net|edgar-online\.fundinfo\.wilink\
.com|edgar-online\.com|edgar-online\.ar\.wilink\.com|ecredibledeals\.com
|echofrompeople\.com|e\.1asphost\.com)\b/i
describe BigEvilList_181 Generated BigEvilList_181
score BigEvilList_181 3.0

Thanks,
Mark DeMichele

RE: BigEvil and edgar-online [ In reply to ]

demi at intellipro

Mar 9, 2004, 6:10 AM

Post #2 of 7 (627 views)

Permalink

Additional info:

When I assed my user what edgar-online was he replied this:

"It's a major site for locating SEC filings of public companies (been
around for years--real bona fide site)"

> -----Original Message-----
> From: Mark A. DeMichele
> Sent: Tuesday, March 09, 2004 8:01 AM
> To: spamassassin-users@incubator.apache.org
> Subject: BigEvil and edgar-online
>
> A user of my mail system just sent me an FP that hit on
BigEvilList_181.
> It's from edgar-online.com. From what it looks like, he actually
> subscribed to something. Is it possible that this uri should not be
> part of the rule? For now, I guess I can either whitelist
> *@edgar-online.com, since that's where the email originated, or I can
> change the score of this entire rule to 0. Any suggestions?
>
> uri BigEvilList_181
>
/\b(?:extreme-rapes\.com|excaliburproducts\.com|evansezmoney\.estarnetwo
>
rk\.com|enjoyadvanced097\.org|emedorders\.com|email\.homemadesimple\.com
>
|ehostzzz\.net|e-g\.com|efreedomweb\.net|edgar-online\.fundinfo\.wilink\
>
.com|edgar-online\.com|edgar-online\.ar\.wilink\.com|ecredibledeals\.com
> |echofrompeople\.com|e\.1asphost\.com)\b/i
> describe BigEvilList_181 Generated BigEvilList_181
> score BigEvilList_181 3.0
>
> Thanks,
> Mark DeMichele
>
> ------------------------------------------------------------
> Mail was checked for spam by the Freeware Edition of No Spam Today!
> The Freeware Edition is free for personal and non-commercial use.
> You can remove this notice by purchasing a full license! To order
> or to find out more please visit: http://www.no-spam-today.com

Re: BigEvil and edgar-online [ In reply to ]

maillists at conactive

Mar 9, 2004, 7:31 AM

Post #3 of 7 (634 views)

Permalink

Mark A. DeMichele wrote on Tue, 9 Mar 2004 08:10:52 -0500:

> When I assed my user what edgar-online was he replied this:
>
> "It's a major site for locating SEC filings of public companies (been
> around for years--real bona fide site)"
>

Here's how it got on the list:
http://groups.google.com/groups?as_epq=edgar-online.com&ie=UTF-8&oe=UTF-8&
as_ugroup=*abuse*&lr=&num=30&hl=de

The URL is apparently used in stock pushing scams.

Kai

--

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

Re: BigEvil and edgar-online [ In reply to ]

johnh at aproposretail

Mar 9, 2004, 2:02 PM

Post #4 of 7 (630 views)

Permalink

On Tue, 2004-03-09 at 06:31, Kai Schaetzl wrote:

> Here's how it got on the list:
> http://groups.google.com/groups?as_epq=edgar-online.com&ie=UTF-8&oe=UTF-8&
> as_ugroup=*abuse*&lr=&num=30&hl=de
>
> The URL is apparently used in stock pushing scams.

And PayPal URLs are used in phishing schemes, but do we put paypal.com
into BigEvil?

Edgar is SEC filings and is not evil. It should be removed, or at least
given a small score.

--
John Hardin KA7OHZ
Internal Systems Administrator/Guru voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
-----------------------------------------------------------------------
If you smash a computer to bits with a mallet, that appears to count
as encryption in the state of Nevada.
- CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------

RE: BigEvil and edgar-online [ In reply to ]

csanterre at MerchantsOverseas

Mar 9, 2004, 2:14 PM

Post #5 of 7 (629 views)

Permalink

> -----Original Message-----
> From: John Hardin [mailto:johnh@aproposretail.com]
> Sent: Tuesday, March 09, 2004 4:03 PM
> To: SpamAssassin list
> Subject: Re: BigEvil and edgar-online
>
>
> On Tue, 2004-03-09 at 06:31, Kai Schaetzl wrote:
>
> > Here's how it got on the list:
> >
> http://groups.google.com/groups?as_epq=edgar-online.com&ie=UTF
> -8&oe=UTF-8&
> > as_ugroup=*abuse*&lr=&num=30&hl=de
> >
> > The URL is apparently used in stock pushing scams.
>
> And PayPal URLs are used in phishing schemes, but do we put paypal.com
> into BigEvil?
>
> Edgar is SEC filings and is not evil. It should be removed,
> or at least
> given a small score.
>
> --
> John Hardin KA7OHZ

Hehehe I love the internet. It my favorite form of misunderstanding! Kai is
just talking about how it got there in the first place. THe whole discussion
was started because I said I am removing it from Bigevil. Hmm.....are you
saying I should add paypal.com to Bigevil? Sounds good, will do! ;)

--Chris

Re: BigEvil and edgar-online [ In reply to ]

jdow at earthlink

Mar 10, 2004, 12:01 AM

Post #6 of 7 (627 views)

Permalink

From: "Mark A. DeMichele" <demi@intellipro.com>

> A user of my mail system just sent me an FP that hit on BigEvilList_181.
> It's from edgar-online.com. From what it looks like, he actually
> subscribed to something. Is it possible that this uri should not be
> part of the rule? For now, I guess I can either whitelist
> *@edgar-online.com, since that's where the email originated, or I can
> change the score of this entire rule to 0. Any suggestions?
>
> uri BigEvilList_181
> /\b(?:extreme-rapes\.com|excaliburproducts\.com|evansezmoney\.estarnetwo
> rk\.com|enjoyadvanced097\.org|emedorders\.com|email\.homemadesimple\.com
> |ehostzzz\.net|e-g\.com|efreedomweb\.net|edgar-online\.fundinfo\.wilink\
> .com|edgar-online\.com|edgar-online\.ar\.wilink\.com|ecredibledeals\.com
> |echofrompeople\.com|e\.1asphost\.com)\b/i
> describe BigEvilList_181 Generated BigEvilList_181
> score BigEvilList_181 3.0

1) Question if the person is a spammer himself or not.

2) Write a custom rule for that individual to let through the edgar-online
site for that particular person and give it a plus score of 1.

{o.o}

Re: BigEvil and edgar-online [ In reply to ]

jdow at earthlink

Mar 10, 2004, 12:07 AM

Post #7 of 7 (626 views)

Permalink

From: "Kai Schaetzl" <maillists@conactive.com>

> Mark A. DeMichele wrote on Tue, 9 Mar 2004 08:10:52 -0500:
>
> > When I assed my user what edgar-online was he replied this:
> >
> > "It's a major site for locating SEC filings of public companies (been
> > around for years--real bona fide site)"
> >
>
> Here's how it got on the list:
> http://groups.google.com/groups?as_epq=edgar-online.com&ie=UTF-8&oe=UTF-8&
> as_ugroup=*abuse*&lr=&num=30&hl=de
>
> The URL is apparently used in stock pushing scams.

Kai, was this a forged address problem or material that came from their
URL and was not 'open relayed' through their site?

Their record is nearly a decade old, 18-Aug-1995.

{^_^}