Getting suddenly a lot of SPAM, see sample....

This is transferred to the new board at http://fraudreports.prophpbb.com
Spammers should not profit, so post information here that hits their pockets.


Post by Anno_Nüm » Thu May 29, 2014 2:45 am

Usually SpamAssassin works OK (just OK, the Gmail filter is way better), but suddenly I get a lot of similar-looking SPAM.

By similar I mean the email domain is usually the spamvertized URL. About 50% of those are *.EU domains.

Example:
Return-Path:    <Rates@happymanads.eu>
X-Spam-Checker-Version:    SpamAssassin 3.3.1 (2010-03-16) on ****@*************
X-Spam-Flag:    YES
X-Spam-Level:    ***
X-Spam-Status:    Yes, score=3.5 required=3.0 tests=BAYES_99,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.1
X-Spam-Report:    * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay * domain * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message
X-Original-To:    ****@*************
Delivered-To:    ****@*************
Received:    from mv4xe3b.happymanads.eu (mv4xe3b.happymanads.eu [23.95.13.76]) by ****@************* (Postfix) with ESMTP id 5F0FB5050050 for <****@*************>; Thu, 29 May 2014 00:01:32 -0500 (CDT)
Received:    by 00091a87.mv4xe3b.happymanads.eu (amavisd-new, port 1835) with ESMTP id 00F091AY87; for <****@*************>; Wed, 28 May 2014 22:01:28 -0700
Message-ID:    <8351745957808354847392636@mv4xe3b.happymanads.eu>
Subject:    [SPAM 3.5] Homeowners should not ignore this email!
To:    <****@*************>
From:    "Rates" <Rates@happymanads.eu>
Date:    Wed, 28 May 2014 22:01:28 -0700
Content-Language:    en-us
MIME-Version:    1.0
Content-Transfer-Encoding:    8bit
Content-Type:    multipart/alternative; boundary="__________MIMEboundary__________"
X-Spam-Prev-Subject:    Homeowners should not ignore this email!

Issue viewing our email ? Please browse here.

http://www.happymanads.eu/l/lt7KN8YGS47KY/48XIY392AU636ET595780SEQSP39212/qs/?

Homeowners should not ignore this email!

http://www.happymanads.eu/l/lt7CP83547XF/48QDM392VFL12FU595780TLERC3921052/qs/?

Removal

http://www.happymanads.eu/l/lb5R5INS47DW/48PIN392UK636NK5780UXAGL2105292/qs/?

prospectus BURNED glimmer Redmond commented DESPATCHED distribuida Apr. NOWRAP SALLY
3114 orthodox arvato sieht luminaries glaube incorporated Matchen fecha espace dank
2FSAIR 7240 stockholders heb 5622 1f497d. netzero datum forwarding NOSHADE PODR JOBID
jrnl rai cdt purchased zendesk vragen FAKTURA 6899 // [rest deleted]



I just wonder about the sudden SPAM explosion.... I think I reported about 2-300 the last few days. URLs rarely repeat.

Update:
The URLs from the messages that I cleaned up this morning:

They all look like they are from the same source to me.

A list from last night. About half of them had no SPAM score (SpamAssassin). (SPAM over a certain score gets automatically deleted.)

It seems that:

• Every domain was registered on that day.
• Every domain is used only once.

Anno_Nüm
Getting started
 
Posts: 46
Joined: Wed Nov 03, 2010 11:47 pm
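
The pattern described in the post above (the sender's domain is also the advertised link domain) can be checked mechanically. The following is an added example, not part of the original thread; the function names and the two-entry suffix table are assumptions, and the sample is a constructed, cut-down copy of the quoted message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample: a cut-down copy of the message quoted in the post.
SAMPLE = """\
Return-Path: <Rates@happymanads.eu>
From: "Rates" <Rates@happymanads.eu>
Subject: Homeowners should not ignore this email!

Issue viewing our email ? Please browse here.
http://www.happymanads.eu/l/lt7KN8YGS47KY/48XIY392AU636ET595780SEQSP39212/qs/?
"""

# Assumption: tiny stand-in for the Public Suffix List, covering the thread's TLDs.
TWO_LABEL_SUFFIXES = {"co.uk", "me.uk"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def registrable(host):
    """Reduce a host name to its registrable domain (www.a.co.uk -> a.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def sender_domains(msg):
    """Domains of the envelope sender (Return-Path) and the From: header."""
    found = set()
    for header in ("Return-Path", "From"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            found.add(registrable(addr.rsplit("@", 1)[1]))
    return found

def link_domains(msg):
    """Registrable domains of every http(s) link in the text parts."""
    found = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            host = urlsplit(url).hostname
            if host:
                found.add(registrable(host))
    return found

def spamvertized_sender(raw):
    """Sorted domains that are both the sender and a link target in the body."""
    msg = message_from_string(raw)
    return sorted(sender_domains(msg) & link_domains(msg))
```

A match alone is not proof of spam, since legitimate newsletters also link to their own domain; it is useful as one signal next to domain age, because SPF passes trivially when the sender controls the throwaway domain.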

Re: Getting suddenly a lot of SPAM, see sample....

Post by Anno_Nüm » Sat Aug 02, 2014 10:58 pm

I found the issue!

My Linux box runs SpamAssassin, which by itself is rather poor SPAM protection. Then many moons back I installed Postgrey, which then reduced the inbox SPAM by >90%. That's not as good as the Google Gmail filter, but quite close. Story was, Postgrey stalled and I didn't notice that.

Problem fixed now.

Re: Getting suddenly a lot of SPAM, see sample....

Post by AlphaCentauri » Sat Aug 16, 2014 3:39 pm

Interesting it made so much difference!
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am
