C-Command Software Forum

Can't filter new "GoDaddy" spoof

Beginning today, I started getting some really heinous spam … spoofing GoDaddy. It comes as a guise of an order confirmation for $357.00 bulk renewal (that seems to be consistent in all of them).

However, I can’t find anything to hook onto to filter out. Tried pieces of text, Body (any text part), Any Character Set, few other variables. No luck.

Even removed all godaddy.com entries in my whitelist.

I noticed that the Message-ID is always a variation of … “GDMAILER … dc1.corp.gd”, but there is no Message-ID option in SpamSieve … and every other option I’ve tried doesn’t seem to catch it.

It’s really ticking me off (not the software, the spam).

Has anyone else started receiving these? More importantly, did anyone successfully filter it?

Thanks.

You normally shouldn’t have to do anything special to catch a particular kind of spam. Please see this page to make sure that your setup is correct and/or send in a report.

I’ve been using SpamSieve for years … and have been able to (eventually) find the hook to weed stuff like this out … but this one has been annoyingly resistant.

I haven’t received a report from you, so I’m assuming that you figured it out.

I’m sorry … I didn’t notice you asked for one. Seems the spam died as fast as it started … so it may be moot at this point. But I’ll keep monitoring. If it shows up again, I’ll send you the report.

In two days … over 200 spam messages on this … then nothing.

But (as a suggestion) would it be a good idea to add Message-ID as one of the filtering parameters in a future update?

I have that logged as a feature request. However, I still think that not being able to filter a particular spam is usually a sign of some other problem that should be fixed at the source.

This one was particularly heinous … the spoofed sender (name and address) was identical with the legitimate article … as well as the subject line (the one GoDaddy sends when you renew a domain). The only differences I could see were in the HTML in the message itself (links, etc.) and the Message-ID.

But doing an “Any Body Text (Contains)” didn’t work.

Like I said, if it shows up again, I’ll send you the report.

Thanks for your diligence.