How do I whitelist this notice from HP?

Vernon Schryver vjs@calcite.rhyolite.com
Wed Apr 3 18:15:39 UTC 2002


> From: Gary Mills <mills@cc.UManitoba.CA>

> This message would have been rejected by dccm if I had been running
> it with rejection enabled.  The envelope sender is
> `Hewlett-Packard.67d9j11n.fk@hpccm.p0.com'.  The SMTP peer is
> `c1m07.postdirect.com'.  Both of those look variable to me.
> Is is possible to whitelist such messages?
> ...

> Return-Path: <Hewlett-Packard.67d9j11n.fk@hpccm.p0.com>
> X-Sieve: cmu-sieve 2.0
> Received: from c1m07.postdirect.com (c1m07.postdirect.com [64.14.218.141])
> 	by electra.cc.umanitoba.ca (8.12.2/8.12.2) with ESMTP id g32LK1Su021813
> 	for <kdc@cc.umanitoba.ca>; Tue, 2 Apr 2002 15:20:02 -0600 (CST)
> Received: from postdirect.com (c1g2.postdirect.com [64.14.218.158])
> 	by c1m07.postdirect.com (8.8.8/) with ESMTP id NAA04293
> 	for <kdc@cc.umanitoba.ca>; Tue, 2 Apr 2002 13:21:04 -0800 (PST)
> Message-Id: <200204022121.NAA04293@c1m07.postdirect.com>
> DATE: Tue, 02 Apr 2002 13:19:53 PST
> FROM: Hewlett-Packard <Hewlett-Packard.67d9j11n.fk@hpccm.p0.com>
> SUBJECT: Safety Recall Notice
> TO: "Ken De Cruyenaere" <kdc@cc.UManitoba.CA>
> X-DCC-UofM-Metrics: electra 1032; Body=1 Fuz1=240 Fuz2=241

At my DCC server, dccproc -QC of that message says
    X-DCC--Metrics: calcite.rhyolite.com 101; Body=0 Fuz1=366 Fuz2=367
which shows that it is another 140 more copies of the mssage have been
reported since it was seen by UofM.  That is more people than I would
have guessed own those printers among current DCC users.

Whitelisting that source by envelope or header From value looks hard,
because those headers suggest they use unique source addresses for
each bulk mail campaign.  Instead I would try to find the IP addresses
of Yesmail's sending systems.  Perhaps this web page is accurate:
http://groups.google.com/groups?as_umsgid=%3Ccourier.397376D1.00004946%40ny.email-scan.com%3E

I had to refresh recollections triggered by "yesmail," "postdirect.com,"
and "p0.com" with
http://groups.google.com/groups?q=+%22postdirect.%2Bcom%22+group%3Anews.admin.net-abuse.sightings
http://groups.google.com/groups?q=+%22p0.%2Bcom%22+group%3Anews.admin.net-abuse.sightings
http://groups.google.com/groups?q=yesmail+group%3Anews.admin.net-abuse.sightings
and suggested my personal spam logs,
http://my.yesmail.com/

Changing "sightings" to "email" in those Goggle URLS gets plenty
of commentary.

Without intending to suggest that anyone do the same, I think I'll
take my chances on being electrocuted.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.