This discussion has been locked.

Spam from very new .US domains?

DISCLAIMER: I am *NOT* our email admin, but there are patterns in our spam that make me think they should be easily detectable/score-worthy.

The recent flood of spam that's passed our filtering is largely from the .us domain AND from domains that are less than an hour old.  When you're using blacklist methods to filter, these are probably not going to be stopped as they haven't been around long enough to be in anyone's lists.

Is there a method in PM for checking domain age and adding that to the scoring?  Maybe a DOMAIN_IN_DIAPERS score or something along those lines?

Just curious.  Thanks!

andrew.


  • Bruce, since I've been fighting my own personal war on this group, I can tell you that they have all of their ducks in a row.  Here's an extract of a header from yesterday:
    Received: from value.trusteasejointpains.us ([213.163.64.67]:58352 helo=trusteasejointpains.us)
    by mail.ourdomain.com with esmtp (Exim 4.76)
    (envelope-from )
    id 1XHyvi-0002vI-0H
    for info@ourdomain.com; Thu, 14 Aug 2014 12:35:14 -0500
    Date: Thu, 14 Aug 2014 10:37:44 -0700
    Subject: Fwd: News:  The Truth about Joint Pain Relief
    Content-Type: text/plain; charset="utf-8"
    Message-ID: 
    Mime-Version: 1.0
    To: 
    From: Relieve.JointPain.14267751 
    Content-Transfer-Encoding: quoted-printable
    Return-Path: clinically.proven.tfx-751@trusteasejointpains.us
    X-OriginalArrivalTime: 14 Aug 2014 17:35:20.0916 (UTC) FILETIME=[1F198140:01CFB7E6]

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
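
The domain-age scoring asked about in the original post, sketched against the header extract above. This is an added example, not part of the thread and not a feature of any product named in it. The registration-time lookup table, the score bands and all function names are assumptions; a real deployment would fill the table from WHOIS/RDAP or a newly-registered-domain feed.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed input: two headers from the extract above, refolded per RFC 5322.
SAMPLE = (
    "Received: from value.trusteasejointpains.us ([213.163.64.67]:58352 helo=trusteasejointpains.us)\n"
    "\tby mail.ourdomain.com with esmtp (Exim 4.76)\n"
    "\tid 1XHyvi-0002vI-0H\n"
    "\tfor info@ourdomain.com; Thu, 14 Aug 2014 12:35:14 -0500\n"
    "Return-Path: clinically.proven.tfx-751@trusteasejointpains.us\n\n"
)

# Assumed score bands (maximum age, points); tune to your own mail flow.
AGE_BANDS = [(timedelta(hours=1), 5.0), (timedelta(days=1), 3.0), (timedelta(days=30), 1.0)]

def registered_domain(host):
    """Naive last-two-labels reduction; production code needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def sender_domains(msg):
    """Collect registered domains from Return-Path and the Received from/helo names."""
    hosts = re.findall(r"@([\w.-]+)", msg.get("Return-Path", ""))
    for rcvd in msg.get_all("Received", []):
        hosts += re.findall(r"(?:from |helo=)([\w.-]+)", rcvd)
    return {registered_domain(h) for h in hosts}

def received_time(msg):
    """Timestamp the receiving MTA stamped on the topmost Received header."""
    return parsedate_to_datetime(msg.get_all("Received")[0].rsplit(";", 1)[1].strip())

def domain_age_score(raw, created_by_domain):
    """Score by the age of the youngest known sender domain at receipt time.
    created_by_domain maps domain -> timezone-aware registration time;
    domains missing from the map contribute nothing."""
    msg = message_from_string(raw)
    seen = received_time(msg)
    score = 0.0
    for dom in sender_domains(msg):
        created = created_by_domain.get(dom)
        if created is None:
            continue
        age = seen - created
        score = max(score, next((pts for limit, pts in AGE_BANDS if age <= limit), 0.0))
    return score
```

Age is measured against the receiving MTA's own Received timestamp rather than the sender-controlled Date header, which the sender can set to anything.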