This is unbelievable: We have seen these kinds of spam-messages over the last weeks on different mail accounts and still Spamassassin & others don't recognize them. Isn't a topic of "Fw: important" compared with the greeting "Hey friend" something that must be spam? Now Nanog was hit which is really annoying.
Yes, this message might originate from an authenticated sender and the (faked) sender's domain might light spf and so on - but where is artificial intelligence when one needs it?
Time to charge for emails so that this channel will become too expensive for spammers, isn't it?
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Pomposello Sarah BDF HPN
Sent: Thursday, 24 September 2015 11:24
To: Brielle Bruns; nanog group; William Herrin
Subject: Fw: important
Hey friend!
Important message, please visit <http://scm-70.com/came.php?93>
Pomposello Sarah BDF HPN
Strange as it has been listed in SURBL for ever since the site was cracked.
scm-70.com.wild.surbl.org has address 127.0.0.68
On Sep 24, 2015, at 8:55 AM, Gunther Stammwitz <gstammw@gmx.net> wrote:
This is unbelievable: We have seen these kinds of spam-messages over the last weeks on different mail accounts and still Spamassassin & others don't recognize them. Isn't a topic of "Fw: important" compared with the greeting "Hey friend" something that must be spam? Now Nanog was hit which is really annoying.
Yes, this message might originate from an authenticated sender and the (faked) sender's domain might light spf and so on - but where is artificial intelligence when one needs it?
Time to charge for emails so that this channel will become too expensive for spammers, isn't it?
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Pomposello Sarah BDF HPN
Sent: Thursday, 24 September 2015 11:24
To: Brielle Bruns; nanog group; William Herrin
Subject: Fw: important
Hey friend!
Important message, please visit <http://scm-70.com/came.php?93>
Pomposello Sarah BDF HPN
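The URI blocklist lookup mentioned above, written out as a filter-side check. This is an added example, not code from any poster in the thread. The zone name and the 127.0.0.68 answer are taken from the lookup quoted above; the stub resolver, the function names and the reading of the last octet as a bitmask (whose bit meanings the list operator defines) are assumptions.

```python
import re
import socket

# Constructed from the message quoted in this thread.
SAMPLE_BODY = "Hey friend!\nImportant message, please visit <http://scm-70.com/came.php?93>\n"
# Stub answers standing in for DNS; the one entry is the lookup result quoted above.
STUB_ANSWERS = {"scm-70.com.wild.surbl.org": "127.0.0.68"}

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def url_hosts(body):
    """Unique hostnames of http(s) URLs in a message body, lowercased."""
    # Simplification: the host is queried as-is; production clients
    # first reduce it to the registered domain.
    return sorted({h.lower().strip(".") for h in URL_HOST.findall(body)})

def listing_bits(addr):
    """Set bits of the last octet of a 127.0.0.x answer; [] for anything else."""
    parts = addr.split(".")
    if len(parts) != 4 or parts[:3] != ["127", "0", "0"] or not parts[3].isdigit():
        return []
    return [1 << i for i in range(8) if int(parts[3]) & (1 << i)]

def stub_resolve(name):
    """Offline resolver: unknown names fail the way NXDOMAIN does."""
    if name not in STUB_ANSWERS:
        raise OSError("NXDOMAIN (stub)")
    return STUB_ANSWERS[name]

def check_body(body, zone, resolve=socket.gethostbyname):
    """Map each listed URL host to the bits set in the blocklist answer."""
    hits = {}
    for host in url_hosts(body):
        try:
            addr = resolve(f"{host}.{zone}")
        except OSError:
            continue  # no A record: host is not listed
        bits = listing_bits(addr)
        if bits:
            hits[host] = bits
    return hits

if __name__ == "__main__":
    print(check_body(SAMPLE_BODY, "wild.surbl.org", resolve=stub_resolve))
```

With the default resolver the same function performs live lookups against whatever zone the filter is entitled to query.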
On Thu, Sep 24, 2015 at 02:55:51PM +0200, Gunther Stammwitz wrote:
This is unbelievable:
Yes, it is. Quoting back a spammer's entire message to the entire list, including the payload, is unbelievably stupid. It would have been better to call this to the attention of those charged with the care and feeding of this list, who are available at admins@nanog.org per the nanog.org web site. (Although even that is probably not necessary: I presume that they're keeping eyeballs on the list and quite likely noticed this on their own.)
Blocking mailing list spam sent by/via addresses belonging to the mailing list is exceedingly tricky. There are a few methods that are modestly effective but none which present sufficiently low FP/FN performance to be trusted without human intervention. And those which rely on content, like all anti-spam methods which rely on content, can be and are defeated at will by spammers.
I have studied this problem in considerable depth over the past several years and have concluded that -- so far -- the only truly reliable method is clueful list moderation with individual approval of every message. This is, however, labor-intensive for high-volume lists and is thus dependent on the availability of trained/practiced teams of list-owners with sufficient available time.
---rsk
participants (4)
- Gunther Stammwitz
- Rich Kulawiec
- Rob McEwen
- TR Shaw