Mailing List SIMS@mail.stalker.com Message #6399
From: Tod Fitch <tod@LTFdesign.com>
Subject: Re: (not so) Obvious spam address
Date: Wed, 05 Jul 2000 14:01:19 -0700
To: SIMS Discussions <SIMS@mail.stalker.com>, SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
And why not add

209.71.90.125   # imail.maxcontrols.com
206.20.104.86   # chicagoex.oechicago.com

to your local blacklisted hosts and also report them to the appropriate RBL?

The mail may have a "FROM: uDj09qXpq@mci.com" or "l0uCRg9j1@mci.com" but you did not receive them from an obvious MCI server.

Tod

At 01:42 PM 7/5/2000 , Daniel Solomons wrote:
Hello -

At 4:24 PM -0400 7/5/00, Bill Cole wrote:
>But there is nothing at all which makes it inherently wrong.

True - just not useful for human beings. So they aren't used, except
by spammers hurriedly creating a bunch of throwaway accounts.

>  MAYBE it is
>not possible in limited cases (like all numbers for an AOL local part) but
>as a general case there is nothing inherently bogus about an address
>matching the regular expression [0-9]+[a-zA-Z]+[0-9]+.*@.* and in fact I
>have multiple regular correspondents with such addresses.

Nothing inherently bogus, just awkward. You say you have regular
correspondents who have chosen names of this format? Really?

>IOW: what you recognize as 'obvious spam' isn't.  It would be a very bad
>rule for me to use. Maybe you would want to use it.

Obvious spam because out of several million addresses I have logged,
*every* occurrence (also numbering in the millions) of this format
has been spam.

>It would certainly be nice for the SIMS router to have a full RE parser to
>allow more complex rules. The fact that there are standard RE libraries
>available as easily portable standard C open source under a BSD-ish
>license makes that something that Stalker might be persuaded to do without
>too much effort.

Yes. But I've already seen considerable resistance to enhancing SIMS
in the past. This is no exception. So I only ask for abilities that
are especially easy, and would most affect spam.

Here are a couple of sample headers that would easily succumb to
either a repeat caps and/or an embedded numerics (though not the regx
I suggested) rule. I've received thousands of these, all through
mci.com, but it's not practical to eliminate *all* of mci.com. The
spammer also sends from aol, msn, hotmail, etc. Can you think of an
easier way to stop them?

At 9:24 AM -0700 7/4/00, uDj09qXpq@mci.com wrote:
>Return-Path: uDj09qXpq@mci.com
>Received: from imail.maxcontrols.com ([209.71.90.125] verified) by
>e.oo.net (Stalker SMTP Server 1.8b8) with ESMTP id S.0000648044 for
><daniel@oo.net>; Mon, 03 Jul 2000 18:58:42 -0700
>Received: from OelyX67oV  [216.123.101.199] by imail.maxcontrols.com
>   (SMTPD32-6.00) id A19467F0056; Sun, 02 Jul 2000 13:53:24 -0400
>DATE: 02 Jul 00 1:42:07 PM
>FROM: uDj09qXpq@mci.com
>Message-ID: <IntmSCKG280o>
>SUBJECT: Your Driving Record - Details

At 9:24 AM -0700 7/4/00, l0uCRg9j1@mci.com wrote:
>Return-Path: l0uCRg9j1@mci.com
>Received: from chicagoex.oechicago.com ([206.20.104.86] verified) by
>e.oo.net (Stalker SMTP Server 1.8b8) with ESMTP id S.0000646483 for
><daniel@oo.net>; Sun, 02 Jul 2000 00:41:58 -0700
>Received: from cY5sb34SO (trt-on55-84.netcom.ca [216.123.100.84]) by
>chicagoex.oechicago.com with SMTP (Microsoft Exchange Internet Mail
>Service Version 5.5.2650.21)
>       id LW1S22VN; Sat, 1 Jul 2000 22:10:41 -0500
>DATE: 01 Jul 00 11:01:05 PM
>FROM: l0uCRg9j1@mci.com
>Message-ID: <R9O1pH9S1IqSG4>
>SUBJECT: Your Driving Record - Details

Daniel
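
Added example (not part of the original thread and not SIMS code): a Python sketch of the check Tod describes, comparing the FROM domain with the relay named in the topmost Received header, next to the regular expression quoted in the thread. The `check` helper, the assumption that the pattern is anchored at the start of the address, and the third sample message are constructed for illustration; the first two samples are abridged from the headers quoted above.

```python
import re
from email import message_from_string

# Top Received + FROM headers abridged from the two samples quoted in the
# thread; the third message is constructed here for contrast.
SAMPLES = [
    "Received: from imail.maxcontrols.com ([209.71.90.125] verified) by\n"
    " e.oo.net (Stalker SMTP Server 1.8b8) with ESMTP id S.0000648044 for\n"
    " <daniel@oo.net>; Mon, 03 Jul 2000 18:58:42 -0700\n"
    "FROM: uDj09qXpq@mci.com\n\n",
    "Received: from chicagoex.oechicago.com ([206.20.104.86] verified) by\n"
    " e.oo.net (Stalker SMTP Server 1.8b8) with ESMTP id S.0000646483 for\n"
    " <daniel@oo.net>; Sun, 02 Jul 2000 00:41:58 -0700\n"
    "FROM: l0uCRg9j1@mci.com\n\n",
    "Received: from mail.example.com ([192.0.2.10] verified) by e.oo.net\n"
    "From: alice@example.com\n\n",
]

# Relay name and address as they appear in the sample Received lines.
RELAY_RE = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\s+verified\)")
# Pattern quoted in the thread; anchoring at the address start is an assumption.
THREAD_RE = re.compile(r"[0-9]+[a-zA-Z]+[0-9]+.*@.*")

def check(raw):
    """Report the delivering relay and whether it sits under the FROM domain."""
    msg = message_from_string(raw)
    sender = (msg["From"] or "").strip()
    domain = sender.rsplit("@", 1)[-1].lower()
    received = msg.get_all("Received") or [""]
    m = RELAY_RE.search(received[0])  # topmost header = last hop before us
    host = m.group(1).lower() if m else None
    aligned = None if host is None else (
        host == domain or host.endswith("." + domain))
    return {"from": sender, "relay": host, "ip": m.group(2) if m else None,
            "aligned": aligned, "regex_hit": bool(THREAD_RE.match(sender))}

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check(raw))
```

A relay outside the sender's domain is a weak signal by itself, since legitimate mail is often sent through third-party hosts; it is best combined with a blacklist lookup on the relay address.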
