[Mimedefang] greylisting and HABEAS_SWE

dr john halewood john at frumious.unidec.co.uk
Fri Jan 16 13:39:03 EST 2004


On Friday 16 Jan 2004 5:37 pm, John Maddalozzo wrote:
> In particular a large amount of pharma spam. Upon looking at
> it it also had headers triggering the HABEAS_SWE test resulting in
> a negative spam score. Is anyone familiar with this compensation
> test and the company behind this header?

I've just noticed this becoming a problem in the last few days. Habeas 
provide "sender warranted emails" which are supposed to guarantee delivery - 
I'm not sure exactly what the process is but they add some header tags and I 
presume sign it in some way to verify it. As a result, most anti-spam tools 
score Habeas-stamped email negatively. Unfortunately in the last week or so 
I've found that spammers have started forging Habeas-guaranteed emails in 
order to lower their scores on anti-spam filters.
There's a link to report spam containing the Habeas "warrant mark" on their 
home page, and they follow up on it pretty quickly. I doubt however they'll 
have much luck in identifying who actually sent it - the ones I've seen look 
like they've gone through a number of relays and what look like the 
originating IPs appear to be (probably trojaned) dialups in different parts of 
the world (Russia, Brazil and the Philippines to be exact).

cheers
john


