Users needed to help test new spam system

We need some users to help us accurately trial a new spam checking filter.

The trial will last around 1-2 weeks. To keep things a bit easier, we require only people that meet the following criteria.

  1. Your spam setting on the Options -> Spam/Virus Protection screen are set to Normal or Aggressive (*not* Basic or Custom), or you’re willing to change to either of those settings
  2. You use the web interface regularly (every day preferably)
  3. Your happy to spend a few minutes each day using the Report spam and Report non-spam actions to report all incorrectly spam checked messages

If you’re interested in helping and meet the above criteria, can you please email your full username (including the @domain part) to and we’ll send you some more instructions.

Posted in Off Topic. Comments Off on Users needed to help test new spam system

Yahoo SMTP accounts sending spam

It appears some spammer must be signing up masses of yahoo accounts and sending spam via yahoo SMTP. Since yahoo only allow SMTP for paid accounts I believe (their MailPlus keeps mentioning POP, but not SMTP), they must be using a lot of stolen credit cards.

Looking at the emails, they all have a common form for their entry point header:

Received: from unknown (HELO (xyz@ with login)
  by with SMTP; 8 Feb 2008 13:21:53 -0000

The “by smtp111…” server varies of course, but the HELO is constant which is a bit strange really, it’s a dead giveaway.

I’ve got a rule to put these on the HOLD queue. Lets do a quick check…

$ mailq | grep ‘!’ | cut -d ‘!’ -f 1 | xargs postcat -q | grep ‘HELO’ | perl -lne ‘print /\(([\w\.]+)\@/’ | wc -l
$ mailq | grep ‘!’ | cut -d ‘!’ -f 1 | xargs postcat -q | grep ‘HELO’ | perl -lne ‘print /\(([\w\.]+)\@/’ | sort | uniq | wc -l

So on one server it’s caught 4143 emails so far, and of those, there’s 4060 unique yahoo accounts being used.

$ mailq | grep ‘!’ | cut -d ‘!’ -f 1 | xargs postcat -q | grep ‘HELO’ | perl -lne ‘print /\@([\d\.]+)/’ | wc -l
$ mailq | grep ‘!’ | cut -d ‘!’ -f 1 | xargs postcat -q | grep ‘HELO’ | perl -lne ‘print /\@([\d\.]+)/’ | sort | uniq | wc -l

As expected, lots of separate IP addresses as well (obviously caught another 2 emails in the intervening time).

$ mailq | grep ‘!’ | cut -d ‘!’ -f 1 | xargs postcat -q | grep ‘HELO’ | perl -lne ‘print /\@([\d\.]+)/’ | sort | uniq | perl -lne ‘print join “.”, reverse(split /\./), “”‘ | xargs dig +short | sort | uniq -c

At least most are on the XBL it seems, so SpamAssassin rules will be catching them.

Obviously trying to get your spam into the world by relaying through a trusted provider is going to be a more and more common way of trying to do things. The interesting thing here was I don’t think I’ve seen anything on this scale before with regard to the number of different accounts being used. Given we’re not the largest provider in the world and this is just one machine, so our email capture rate must be low, whoever is doing this must have a HUGE number of spamming accounts to send from.

Posted in Technical. Comments Off on Yahoo SMTP accounts sending spam

Get every new post delivered to your Inbox.

Join 6,402 other followers