[Spambayes] Spam Clues: [Bulk] Re: wegeoVjlAGRA

Eric Johnson ejohnson at imagewireless.ca
Thu Jul 27 10:15:30 CEST 2006


I've been receiving lots of similar Spam.

Where would I find this "x-lookup-ip extension" that I might try it too?

Thanks,

Eric Johnson
ejohnson at imagewireless.ca
July 27, 2006
2:15 AM (CST) -0600

-----Original Message-----
From: spambayes-bounces at python.org [mailto:spambayes-bounces at python.org] On Behalf Of skip at pobox.com
Sent: July 26, 2006 8:54 PM
To: Eric A. Silver
Cc: spambayes at python.org
Subject: Re: [Spambayes] Spam Clues: [Bulk] Re: wegeoVjlAGRA


    Eric> This message was classified as "junk suspects."  It appears to be
    Eric> identical to dozens of messages that have come over the past
    Eric> several months, all of which I have moved from junk suspects to
    Eric> the junk folder.  It appears that the training feature isn't
    Eric> working, despite the fact that it's checked.  Any ideas?

If you look at the clues there are few strong spam clues.  The most
important spam clue is the URL you are supposed to click.  Unfortunately,
the domain changes frequently.  It's unlikely you'll see the same one more
than once or twice.  Any new domain will be unknown, thus unused.

I've been using Matt Cowles' x-lookup-ip extension for several days,
precisely to combat these spams.  While all those domains are different,
they all resolve to the same IP address.  Using Matt's extension I get a lot
of spammy clues:

    % spamcounts -r :211
    Loading state from /Users/skip/hammie.db (hammie.db) database
    hammie.db is an existing ZODB, with 38 ham and 127 spam
    token,nspam,nham,spam prob
    url-ip:211.144.69/24,2,0,0.908163265306
    received:211.160.160.49,1,0,0.844827586207
    received:211.160,1,0,0.844827586207
    received:211,2,0,0.908163265306
    url-ip:211.47/16,1,0,0.844827586207
    url-ip:211.144/16,6,0,0.96511627907
    url-ip:211.115/16,1,0,0.844827586207
    received:211.210.242.58,1,0,0.844827586207
    url-ip:211.115.108/24,1,0,0.844827586207
    url-ip:211.115.97.43/32,1,0,0.844827586207
    url-ip:211.115.99.161/32,1,0,0.844827586207
    url-ip:211.47.67.16/32,1,0,0.844827586207
    url-ip:211.115.101/24,1,0,0.844827586207
    url-ip:211.115.97.44/32,1,0,0.844827586207
    url-ip:211.144.68.67/32,4,0,0.949438202247
    url-ip:211.115.97/24,1,0,0.844827586207
    received:211.210,1,0,0.844827586207
    url-ip:211.144.68/24,4,0,0.949438202247
    url-ip:211.115.99/24,1,0,0.844827586207
    received:211.160.160,1,0,0.844827586207
    url-ip:211.189.18/24,1,0,0.844827586207
    url-ip:211.115.108.104/32,1,0,0.844827586207
    received:211.210.242,1,0,0.844827586207
    url-ip:211.144.69.244/32,2,0,0.908163265306
    url-ip:211.189.18.186/32,1,0,0.844827586207
    url-ip:211.115.108.103/32,1,0,0.844827586207
    url-ip:211/8,8,0,0.973372781065
    url-ip:211.47.67/24,1,0,0.844827586207
    url-ip:211.115.101.228/32,1,0,0.844827586207
    url-ip:211.189/16,1,0,0.844827586207

Note that www.tikerandevali.com also maps to 211.144.68.87.

Skip
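
The approach described in the quoted reply, as an added example that is not part of the original thread and is not the x-lookup-ip extension's or SpamBayes' own code: it builds the `url-ip:` prefix tokens for a resolved address and scores them from the counts in the listing, so a never-seen domain still yields strong clues through its /24, /16 and /8 tokens. The function names are hypothetical, no DNS lookup is performed (the address is the one quoted in the message), and `S = 0.45`, `X = 0.5` are assumed to be the SpamBayes defaults for the unknown-word strength and probability; with them the formula reproduces the probabilities shown in the listing.

```python
# Added example: url-ip token generation and token scoring (not SpamBayes code).
S, X = 0.45, 0.5        # assumed SpamBayes defaults: unknown-word strength / prob
NSPAM, NHAM = 127, 38   # trained message counts, from the hammie.db line above

def url_ip_tokens(ip):
    """Return the url-ip tokens for the /8, /16, /24 and /32 prefixes of an IPv4 address."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % (ip,))
    return ["url-ip:%s/%d" % (".".join(octets[:n]), 8 * n) for n in range(1, 5)]

def spam_prob(nspam, nham):
    """Bayesian-adjusted spam probability for a token seen in nspam spam and nham ham."""
    n = nspam + nham
    if n == 0:
        return X                      # token never seen in training: neutral
    spam_ratio = nspam / NSPAM
    ham_ratio = nham / NHAM
    p = spam_ratio / (spam_ratio + ham_ratio)
    return (S * X + n * p) / (S + n)  # pull p toward X when evidence is thin

# (nspam, nham) per token, copied from the spamcounts listing above.
TRAINED = {
    "url-ip:211/8": (8, 0),
    "url-ip:211.144/16": (6, 0),
    "url-ip:211.144.68/24": (4, 0),
}

def clues_for(ip):
    """Score every prefix token of the address a URL's hostname resolved to."""
    return [(tok, spam_prob(*TRAINED.get(tok, (0, 0)))) for tok in url_ip_tokens(ip)]

if __name__ == "__main__":
    # 211.144.68.87 is the address the message gives for a new domain.
    for tok, prob in clues_for("211.144.68.87"):
        print("%-28s %.12f" % (tok, prob))
```

The /32 token for the new address is untrained and scores a neutral 0.5, while the three wider prefixes score between roughly 0.95 and 0.97.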