[SLUG] http://www.orbz.org

From: R P Herrold (herrold@owlriver.com)
Date: Wed Aug 29 2001 - 00:19:26 EDT


'Doc' expressed some interest in a strange orbz bounce. These
are similar to the pieces which provoked the procmail
scripting:

Date: Wed, 29 Aug 2001 02:29:22 +0100
From: "fkghh@mail.yahoo.co.jp" <fkghh@mail.yahoo.co.jp>
To: "9574@163.net" <9574@163.net>
Subject: -IW- Instantly Attract Women Sexually! 931687

S.e.x.u.a.l.l.y Attract-Women Instantly with nature's secret
weapon... Phero-mones!! csh1 cs3

Invisible and undetectable, when unknowingly inhaled by any
woman, Androsten-one Phero-mone Concen
<snip>

-----------------------------

procmail added the '-IW-' marker, and then later, when it was
not 'vetted' as expected by one of my other marking recipes,
concluded that it was possibly a processed meat product.
Accordingly it sent it to my full header analysis and
reporting enhancement script 'spamreport'.

-----------------------------

My script 'spamreport' looks for all handling domains and
relay IP's and places them where the orbz robot may find that
information; it also cleans up sender info, adds reply info
for closing a feedback loop, and sends it off ...

To: spamreport@owlriver.com
X-Spamreport: yes
X-Spam: ORC
From: spamreport@owlriver.com
Reply-To: spamreport@owlriver.com
Subject: [SPAM] Spam report spamreport 0.09-010823

Received from 193.113.200.44
Received from 198.172.189.111
Received from 198.30.29.10
Received from 198.30.29.42
Received from 210.140.200.52
Received from delimiter
Received: (from herrold@localhost)
Received: from isa01.yahoo.co.jp ([198.172.189.111])
Received: from mailbox.iwaynet.net [198.30.29.10]
Received: from new.owlriver.com [198.30.29.42]
Received: from zorin.glabs.syncordia.net ([193.113.200.44])

(Note that I have mangled the To, the From, and the Reply-To
to try to avoid the bounces of the type 'doc' received.)

------------------------------------------

The orbz robot, being a polite robot, answers its
correspondence, and there was a transient addressing SNAFU --
possibly from my reporter -- possibly from the ORBZ folks, and
the unusual report, in the form described at the orbz homepage
was returned to 'doc'.

I am still in design on parts of my automated reportage -- I
have implemented much; I currently enumerate all IP's finally
sending mail to me hourly, and the hourly top offenders at
spamcop.net; and certain custom full header extracts for
certain content suspicious pieces in real time.

 ... but content based filtering is much more labor intensive
than simply checking for open relays and spam 'fountains'. I
am proceeding with care.

-- Russ
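
An added example, not part of the original post and not the author's 'spamreport' script: one way to pull relay IPs and handling hosts out of a message's Received headers and lay them out in the sorted form of the report quoted above. The names `relay_report` and `SAMPLE` and the sample message (documentation addresses) are assumptions made for this illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (documentation addresses, not from the post).
SAMPLE = """\
Received: (from user@localhost)
\tby mx.example.org id AAA111; Wed, 29 Aug 2001 00:05:00 -0400
Received: from relay.example.net [198.51.100.10]
\tby mx.example.org; Wed, 29 Aug 2001 00:04:58 -0400
Received: from mail.example.com ([203.0.113.7])
\tby relay.example.net
\t(forwarded for [192.0.2.99]); Wed, 29 Aug 2001 00:04:50 -0400
Received: from bogus ([999.1.1.1]) by mail.example.com
From: sender@example.com
Subject: constructed test message

body
"""

# Relay addresses appear in square brackets, with or without parentheses.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_report(raw_message):
    """Return sorted report lines: relay IPs, a delimiter, then the hops."""
    msg = message_from_string(raw_message)
    ips, hops = set(), set()
    for header in msg.get_all("Received", []):
        unfolded = " ".join(header.split())  # join folded continuation lines
        # Keep only the text before " by " as the one-line hop summary.
        hops.add("Received: " + unfolded.split(" by ")[0])
        for candidate in BRACKETED_IP.findall(unfolded):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # e.g. 999.1.1.1 is not a valid address
            if not addr.is_loopback:
                ips.add(str(addr))
    lines = ["Received from " + ip for ip in sorted(ips)]
    return lines + ["Received from delimiter"] + sorted(hops)

if __name__ == "__main__":
    print("\n".join(relay_report(SAMPLE)))
```

Only the Received line written by your own mail server is trustworthy; every hop below it is supplied by the sending side and can be forged, so treat those addresses as leads to check rather than as confirmed relays.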



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:11:41 EDT