Spam with links to Twitter RSS

1

I have been getting a rash of spam emails, from AOL accounts.
Within the email is a link to a Twitter account/message. t.co/m2aq2qia
The link was flagged by Twitter - "This link has been flagged as potentially harmful."

SORBS replies to the email server address as 127.0.0.6, the email passes checks.

How can I stop this spam?
What other information would you need to see to help me?

Below is the listing from ORF (recipient address changed.)

Version: 4.4 REGISTERED
Log Mode: Verbose
Server: sr1.domain.local
Source: SMTPSVC-1
Time: 1/29/2012 2:35:03 AM
Class: Pass
Severity: Information
Actions: (not available)
Filtering Point: Before Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 205.188.255.12
Message ID: (not available)
Email Subject: (not available)
Sender:
Recipient(s):
*
Message:
Recipient passed checks.

Version: 4.4 REGISTERED
Log Mode: Verbose
Server: sr1.domain.local
Source: SMTPSVC-1
Time: 1/29/2012 2:35:04 AM
Class: Pass
Severity: Information
Actions: (not available)
Filtering Point: On Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 205.188.255.12
Message ID:
Email Subject: Fwd: Promos from Southwest Airline Corp
Sender:
Recipient(s):
*
Message:
Email passed checks.

by Matt Reed 7 years ago
2

@Matt Reed: the ideal solution would be to test the URLs found in such emails against the blacklist of t.co, but unfortunately Twitter has no public blacklist of harmful/suspicious t.co converted links. Another possible solution is blacklisting all emails coming from aol.com addresses with t.co-shortened URLs in them, though this may come with some false positives (if your recipients receive legitimate emails from Twitter users using AOL accounts). If you have the Auto Sender Whitelist test enabled, it will lower the risk.

I can build a regex for this; please send us some MIME samples of these emails (header included) to . EML is the preferred format. The MIME header can be retrieved by opening the email in Outlook and selecting View | Options... from the main menu. If you use another email client and do not know how to retrieve the email headers, please visit http://www.spamcop.net/fom-serve/cache/19.html for instructions. The more recent the samples, the better.

by Krisztian Fekete (Vamsoft) 7 years ago
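
The rule suggested in the reply above (aol.com sender plus a t.co-shortened URL), sketched in Python as an added example; it is not ORF configuration and not code from either poster. The `trusted` set is a hypothetical stand-in for a sender whitelist, and the sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# t.co short links, with or without a scheme. The lookbehind stops hosts
# that merely end in "t.co" (e.g. "about.co/x") from matching.
TCO_LINK = re.compile(r"(?<![\w.-])(?:https?://)?t\.co/[A-Za-z0-9]+", re.I)

def tco_links(msg):
    """Return t.co links from every text part, after transfer decoding."""
    links = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            links += TCO_LINK.findall(part.get_content())
    return links

def verdict(raw, trusted=frozenset()):
    """'block' if an untrusted aol.com sender includes a t.co link, else 'pass'."""
    msg = message_from_string(raw, policy=policy.default)
    addr = parseaddr(str(msg.get("From", "")))[1].lower()
    if addr in trusted:            # hypothetical stand-in for a sender whitelist
        return "pass"
    if addr.endswith("@aol.com") and tco_links(msg):
        return "block"
    return "pass"

def sample(sender, body):
    """Build a constructed quoted-printable test message."""
    return (f"From: {sender}\nTo: user@example.test\nSubject: Fwd: Promos\n"
            "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\n"
            f"Content-Transfer-Encoding: quoted-printable\n\n{body}\n")

# Constructed samples. In SPAM the link is split by a quoted-printable soft
# line break ("=\n"), so a regex run over the raw MIME source would miss it.
SPAM = sample("Promo <sender1@aol.com>", "Deals: http://t.=\nco/Example01 today")
NO_LINK = sample("friend@aol.com", "Lunch on Friday?")
OTHER = sample("news@example.test", "Follow us: t.co/Example02")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("NO_LINK", NO_LINK), ("OTHER", OTHER)):
        print(name, verdict(raw))
```

Matching on the decoded body rather than the raw MIME source is the reason full samples with headers matter: the transfer encoding determines what a pattern actually sees.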