This non spam went over the threshold because 68.198.15.112 is listed
on three different lists, but in fact appears to be one of the legit yahoo
mail servers (the friend who sent this to me did so from a Yahoo mail account).
Do all three blacklists need updating?
Steve
Content analysis details: (5.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.9 FROM_ENDS_IN_NUMS From: ends in numbers
0.1 TW_XS BODY: Odd Letter Triples with XS
0.1 TW_YX BODY: Odd Letter Triples with YX
1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email
0.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP
[68.198.15.112 listed in dnsbl.njabl.org]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[68.198.15.112 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[68.198.15.112 listed in dnsbl.njabl.org]
2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[68.198.15.112 listed in dnsbl.sorbs.net]
--------------------------------------------------------------------
Return-Path: XXXXXXXXXXXXXXXXXXXXXXX
Received: from web11405.mail.yahoo.com (web11405.mail.yahoo.com [216.136.131.235])
by geekster.com (8.12.1/8.12.1) with SMTP id i29HJMt9007248
for <sprior@geekster.com>; Tue, 9 Mar 2004 12:19:22 -0500
Message-ID: <20040309171921.67401.qmail@web11405.mail.yahoo.com>
Received: from [68.198.15.112] by web11405.mail.yahoo.com via HTTP; Tue, 09 Mar 2004 09:19:21 PST
Date: Tue, 9 Mar 2004 09:19:21 -0800 (PST)
From: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject: Fwd: FW: Tuesday chuckle : )
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1494966760-1078852761=:66948"
--0-1494966760-1078852761=:66948
Content-Type: text/plain; charset=us-ascii
Content-Id:
Content-Disposition: inline
Note: forwarded message attached.
on three different lists, but in fact appears to be one of the legit yahoo
mail servers (the friend who sent this to me did so from a Yahoo mail account).
Do all three blacklists need updating?
Steve
Content analysis details: (5.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.9 FROM_ENDS_IN_NUMS From: ends in numbers
0.1 TW_XS BODY: Odd Letter Triples with XS
0.1 TW_YX BODY: Odd Letter Triples with YX
1.1 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email
0.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP
[68.198.15.112 listed in dnsbl.njabl.org]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[68.198.15.112 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[68.198.15.112 listed in dnsbl.njabl.org]
2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[68.198.15.112 listed in dnsbl.sorbs.net]
--------------------------------------------------------------------
Return-Path: XXXXXXXXXXXXXXXXXXXXXXX
Received: from web11405.mail.yahoo.com (web11405.mail.yahoo.com [216.136.131.235])
by geekster.com (8.12.1/8.12.1) with SMTP id i29HJMt9007248
for <sprior@geekster.com>; Tue, 9 Mar 2004 12:19:22 -0500
Message-ID: <20040309171921.67401.qmail@web11405.mail.yahoo.com>
Received: from [68.198.15.112] by web11405.mail.yahoo.com via HTTP; Tue, 09 Mar 2004 09:19:21 PST
Date: Tue, 9 Mar 2004 09:19:21 -0800 (PST)
From: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject: Fwd: FW: Tuesday chuckle : )
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1494966760-1078852761=:66948"
--0-1494966760-1078852761=:66948
Content-Type: text/plain; charset=us-ascii
Content-Id:
Content-Disposition: inline
Note: forwarded message attached.