spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amir Caspi <ceph...@3phase.com>
Subject Re: Uptick in spam
Date Fri, 27 Mar 2015 19:31:33 GMT
On Mar 27, 2015, at 1:20 PM, Axb <axb.lists@gmail.com> wrote:

> These three samples are very different in the sense that #1 is a hacked
> site, #2 & #3 are the regular snowshoe.

Of course, I picked three different samples on purpose.  But, I have hundreds that replicate
these.

> What I miss in your sample's SA reports are any URIBL hits of some sort.

Because there were no hits.  That's exactly the point.

> Are you doing URIBL lookups? and using RAZOR & PYZOR?

Yes, using Razor, Pyzor, and DCC.  Also using all default RBLs and URIBLs.  Per my last message,
the whole issue is that my user appears to be getting the "hot of the presses" run of these
spams, before they have been reported to the RBLs, URIBLs, and hash DBs like Razor and Pyzor.
 Therefore, none of the network checks are getting hit... they are absolutely enabled, and
a few hours later they would hit high scores, but upon initial receipt they simply do not
hit because the spam is too new.

This is my whole issue -- since my user appears to be very high up on the recipient list for
all these spammers, and is therefore getting spams before the network checks are effective,
how can we combat these "new" spams _before_ the network checks become effective?

Thanks.

--- Amir


Mime
View raw message