Spam with links to Twitter
@Matt Reed:
The ideal solution would be to test the URLs found in such emails against the blacklist of t.co, but unfortunately Twitter has no public blacklist of harmful/suspicious t.co converted links. Another possible solution is blacklisting all emails coming from aol.com addresses with t.co-shortened URLs in them, though this may come with some false positives (if your recipients receive legitimate emails from Twitter users using AOL accounts). If you have the Auto Sender Whitelist test enabled, it will lower the risk.
I can build a regex for this; please send us some MIME samples of these emails (header included) to . EML is the preferred format. The MIME header can be retrieved by opening the email in Outlook and selecting View | Options... from the main menu. If you use another email client and do not know how to retrieve the email headers, please visit http://www.spamcop.net/fom-serve/cache/19.html for instructions. The more recent the samples, the better.
I have been getting a rash of spam emails from AOL accounts.
Within the email is a link to a Twitter account/message. t.co/m2aq2qia
The link was flagged by Twitter - "This link has been flagged as potentially harmful."
SORBS replies to the email server address as 127.0.0.6, the email passes checks.
How can I stop this spam?
What other information would you need to see to help me?
Below is the listing from ORF (recipient address changed.)
Version: 4.4 REGISTERED
Log Mode: Verbose
Server: sr1.domain.local
Source: SMTPSVC-1
Time: 1/29/2012 2:35:03 AM
Class: Pass
Severity: Information
Actions: (not available)
Filtering Point: Before Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 205.188.255.12
Message ID: (not available)
Email Subject: (not available)
Sender:
Recipient(s):
*
Message:
Recipient passed checks.
Version: 4.4 REGISTERED
Log Mode: Verbose
Server: sr1.domain.local
Source: SMTPSVC-1
Time: 1/29/2012 2:35:04 AM
Class: Pass
Severity: Information
Actions: (not available)
Filtering Point: On Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 205.188.255.12
Message ID: <>
Email Subject: Fwd: Promos from Southwest Airline Corp
Sender:
Recipient(s):
*
Message:
Email passed checks.
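The combined check suggested in the reply above (sender at aol.com AND a t.co link in the body), sketched as an added example that is not part of the original thread and is not ORF's own filter logic. The function names, the sample messages and the t.co/EXAMPLE… links are constructed for illustration; the first sample shows why the test should run on MIME-decoded text rather than on the raw message.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# t.co short links with or without a scheme. The lookbehind rejects
# look-alike hosts ("evilt.co") and paths on other hosts ("x.com/t.co/").
TCO_LINK = re.compile(r"(?<![\w./-])(?:https?://)?t\.co/[A-Za-z0-9]+", re.IGNORECASE)

def sender_domain(msg):
    """Return the lower-cased domain of the From: header address."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()

def tco_links(msg):
    """Collect t.co links from every text/* part after transfer decoding."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            found += TCO_LINK.findall(part.get_content())
    return found

def classify(raw_eml, sender_domains=("aol.com",)):
    """Return (is_hit, links); a hit needs a listed sender domain AND a t.co link."""
    msg = message_from_string(raw_eml, policy=policy.default)
    links = tco_links(msg)
    return (sender_domain(msg) in sender_domains and bool(links)), links

# Constructed sample: quoted-printable body whose soft line break ("=\n")
# splits the link, so a regex over the raw message sees only part of it.
SAMPLE_SPAM = (
    "From: Some User <someone@aol.com>\n"
    "To: recipient@example.org\n"
    "Subject: Fwd: constructed sample\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    "Have a look: http://t.co/EXAM=\n"
    "PLE01\n"
)
# Constructed sample: t.co link, but the sender is not in the listed domains.
SAMPLE_OTHER = "From: a@example.com\n\nLink t.co/EXAMPLE02\n"

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("other", SAMPLE_OTHER)):
        print(name, classify(raw))
```

A legitimate AOL user who forwards a tweet would also be a hit, which is the false-positive risk the reply mentions.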