1. Yes, it's a whole new look! Have questions or need help? Please post your question in the New Forum Questions thread Click the X to the right to dismiss this notice
    Dismiss Notice
  2. Seeing tons of unread posts after the upgrade? See this thread for help. Click the X to the right to dismiss this notice
    Dismiss Notice

Need Advice Why is this spam/Phish bullet proof?

Discussion in 'Community Broadband & Computers' started by Kaosdad, Jul 17, 2009.

  1. Kaosdad

    Kaosdad Will work for Rum

    Joined:
    Sep 21, 2005
    Messages:
    2,557
    Likes Received:
    4
    I am certain you have all gotten a bazillion e-mails from "greetingcard.org" witht he subject line "You've received a greeting ecard". And like me you dutifully delete them without opening as you know the link will immediatly deposit some nasty on your hard drive. Now, I have also tried to mark this as "junk" at both the Openband level and in Outlook. I have tagged this with specific words in the "from" address as well as specific words in the subject line yet these e-mails evade all tactics!!!!

    The header looks like this:

    Return-Path: <somepoorschmuck@Igotbotted.XXX>
    Received: from 71.184.47.199 unverified ([71.184.47.199]) by SNDE01LA.mail2world.com with Mail2World SMTP Server;
    Thu, 16 Jul 2009 20:25:25 -0700
    Date: Thu, 16 Jul 2009 22:27:14 -0600
    From: "greetingcard.org" <somepoorschmuck@Igotbotted.XXX>
    Subject: You've received a greeting ecard
    To: thenextpoorschmuck@botme.foo
    Message-ID: <randomstring@poorschmuck>
    MIME-Version: 1.0
    X-MIMEOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
    X-Mailer: Microsoft Windows Mail 6.0.6001.18000
    Content-type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original
    Content-transfer-encoding: 7bit
    X-Priority: 3
    X-MSMail-priority: Normal

    How is it dancing around two junk lists AND Avast! AV?????
     
  2. Twriter

    Twriter Get a Mac!

    Joined:
    Feb 25, 2002
    Messages:
    260
    Likes Received:
    6
  3. Kaosdad

    Kaosdad Will work for Rum

    Joined:
    Sep 21, 2005
    Messages:
    2,557
    Likes Received:
    4
    The latest came from 190.183.24.226

    However, they are all originating from botted .de domains.

    But what bugs me is the Outlook rules are fairly dumb - they match strings. Why can't it match "geeting ecard" or "greeting card"?

    Not cerain what you mean by "raw source."
     
  4. Dawne

    Dawne HOA VP/Tech Comm

    Joined:
    Dec 21, 2001
    Messages:
    617
    Likes Received:
    11
    If you find them all coming from .de domains, couldn't you just blacklist *.de domains at your ISP? (Unless, of course, this blocks emails from your grandma in Germany).
     
  5. T8erman

    T8erman Well-Known Member

    Joined:
    Sep 26, 2003
    Messages:
    5,190
    Likes Received:
    228
  6. Kaosdad

    Kaosdad Will work for Rum

    Joined:
    Sep 21, 2005
    Messages:
    2,557
    Likes Received:
    4
    @ T8 - great thanks!
    @ Dawne - I try not to blanket block places as you never know what juicy bits of information are out there.
     

Share This Page