spamassassin-users mailing list archives

From David Jones <djo...@ena.com>
Subject Re: Phishing email or no?
Date Thu, 11 Oct 2018 21:14:55 GMT
On 10/11/18 3:30 PM, Alex wrote:
> Hi,
> 
> I'm curious what people think of this:
> 
> https://pastebin.com/1XjwaCY1
> 
> It's unsolicited, so that makes it spam to me, but is it dangerous?
> yesinsights.com appears to be a legitimate company, but the sender,
> emma@hrteamerus.com, is a registered domain but has no DNS record.
> 
> Is it just a lame attempt to confirm email addresses?
> 
> Outlook just seems to be a non-stop source of spam. I'd report it to
> yesinsights, but it appears it's being used exactly as the service
> intended?
> 
> Any idea on tips to block it, other than bayes?
> 

Is that the entire email in the pastebin link above?  I ran it through 
my SA platform and it's missing a few headers.

	DKIM_INVALID,DKIM_SIGNED,ENA_NO_TO_CC,MISSING_DATE,MISSING_FROM,
	MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT

Since it doesn't have a valid opt-out, I would report it to SpamCop, 
report it to yesinsights.com's abuse if SpamCop doesn't already, and add 
a blacklist_from *@hrteamerus.com entry.

If you start seeing patterns of repeating emails, then a local content 
rule and Bayes training would be the best option.  Maybe get these into 
the nightly masscheck so others can work on some rules to go into the 
default ruleset.

-- 
David Jones
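
A pre-check for the situation in the reply above, where the pasted sample hit the MISSING_* rules. This is an added example, not part of the original message and not SpamAssassin code: it lists which of those rules a saved sample would be expected to hit before it is re-scanned or submitted. The header-to-rule mapping is a simplified approximation of the stock rules, and both sample messages are constructed.

```python
from email import message_from_string

# Rule name -> header whose absence it reports. Simplified approximation of
# the stock SpamAssassin rules; the real rules carry extra conditions.
MISSING_RULES = {
    "MISSING_DATE": "Date",
    "MISSING_FROM": "From",
    "MISSING_HEADERS": "To",
    "MISSING_MID": "Message-ID",
    "MISSING_SUBJECT": "Subject",
}

def expected_missing_hits(raw):
    """Return the sorted MISSING_* rule names a raw sample would likely hit."""
    msg = message_from_string(raw)  # header lookups are case-insensitive
    return sorted(rule for rule, hdr in MISSING_RULES.items() if hdr not in msg)

# Constructed sample: only trace and signature headers survived the paste.
TRUNCATED_SAMPLE = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org; Thu, 11 Oct 2018 12:00:00 +0000\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel1; b=CONSTRUCTED\n"
    "\n"
    "Please take our one-question survey.\n"
)

# Constructed sample: the same message with its originator headers intact.
COMPLETE_SAMPLE = (
    "Date: Thu, 11 Oct 2018 12:00:00 +0000\n"
    "From: Sender <sender@example.net>\n"
    "To: rcpt@example.org\n"
    "Message-ID: <constructed-1@example.net>\n"
    "Subject: Quick survey\n"
) + TRUNCATED_SAMPLE

if __name__ == "__main__":
    for name, raw in (("truncated", TRUNCATED_SAMPLE), ("complete", COMPLETE_SAMPLE)):
        hits = expected_missing_hits(raw)
        print(f"{name}: {', '.join(hits) if hits else 'no MISSING_* hits expected'}")
```

Saving the message as raw source from the mail client or the MTA, rather than copying the rendered view, keeps these headers intact.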