richard at buzzhost
Nov 6, 2009, 1:24 AM
Post #2 of 2
(97 views)
Permalink
|
|
Re: Messagelabs sends phish, SA+ClamAV+sanesecurity sigs catches it
[In reply to]
|
|
On Thu, 2009-11-05 at 23:54 -0600, David B Funk wrote:
> I just now found a phish in one of my spamtraps, no surprise there.
> The surprising thing is that it was sent out via a messagelabs.com
> mailserver, complete with headers indicating that it passed their virus
> checks.
> At my end spamassassin using the ClamAV plugin, armed with the
> SaneSecurity sigs detected it. So open source rocks. ;)
>
> The amusing part of this little scenario is that there's a messagelabs
> martetdroid who's been pinging at me to try their e-mail "protection"
> solution.
>
> Sorry Messagelabs/Symantec; not only did your "protection" fail, you're
> helping the bad guys by providing them transport service.
>
I have mixed emotions about Messagelabs. I see plenty of mail from UK
companies that borders on spam coming from Messagelabs. Each time you
raise the issue with abuse, the boilerplate mail comes back but it keeps
going on.
More irritating are the number of spammers who *hide* behind
messagelabs. They outbound through some spam friendly ISP which changes
like the weather, but their inbound is behind Messagelabs to 'protect'
them from the very rubbish they send. Messagelabs supply a feed to the
CBL (which forms part of the Spamhaus ZEN data) and there have been
cases of people emailing abuse[at]messagelabs_customer.tld to find some
issue with mailer configuration that has got *them* listed - which is
ironic.
ESP's and Filter providers exist to make money. With the downturn people
look to cut costs so it's not surprising to see lower quality customers
making use of services like this.
|
