There is only one rule that is triggerd KAM_INFOUSMEBIZ Yes I have RBLs set and they are not on any lists and the size of the message ? it is small just txt.. example below..

From: Checking Account [mailto:CheckingAccount at try-somewonderfuldealz.us]
Sent: Friday, May 02, 2014 4:12 AM
Subject: Been-denied for a checking account? We will approve-you


Second Chance Checking Account
----------------------------------

Have you been denied for a bank account because of credit issues?

Everyone needs a checking account...We accepts all applicants!


Go here to find out more: http://host.try-somewonderfuldealz.us




-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Terry Hulen Jr
Sent: May-02-14 8:32 AM
To: MailScanner discussion
Subject: Re: Spam from .us domains

We are not getting hammered at the moment. What are your spam
assassin results? What are the sizes of the messages? Do you have
RBLs set?
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

I?ve noticed an uptick, but the IPs seem to get listed by SpamHaus
pretty quickly, so the damage here is minor.
There?s (of course) a lot of valid mail ending in .us.

For those of us who are easily amused, a random sample of domains:

buildyournew-shednow.us
getmoney-whenyouneedto.us
trythisnew-kindoftubnow.us
younewrate-drop-info.us
yourecentpolicy-notice.us
yourmustsee-autodealz.us
yournewvision-healthinfo.us

We?re also seeing the same sort of thing from the .me TLD (Montenegro), but
the naming algorithm differs. Some hostnames:

algal.futureexplain.me
allseed.wrongwisdom.me
fumingly.wetpicture.me
interwarring.warmrake.me
otoneurasthenia.cleandustpan.me
polyploidy.amongstalk.me
resought.bentwasher.me
toyless.hangingexperience.me

A toyless hanging experience? Does not sound like fun.

That's exactly what I've been seeing. I'm seriously considering a custom rule to add 2-3 points to all .me domains, draconic as it sounds, I don't think that will seriously impact my users with FPs.

Return-Path: <?g>
Received: from try-somewonderfuldealz.us ([31.192.241.106])
by mx1.danada.ca (8.14.4/8.14.4) with ESMTP id s42BGSn5023606
for <jim at danada.ca>; Fri, 2 May 2014 04:17:37 -0700
Date: Fri, 02 May 2014 04:11:38 -0700
Content-Type: text/plain
Message-ID: <18291106.13013233 at try-somewonderfuldealz.us>
From: "Checking Account" <CheckingAccount at try-somewonderfuldealz.us>
Subject: Been-denied for a checking account? We will approve-you
Mime-Version: 1.0

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: May-02-14 9:15 AM
To: MailScanner discussion
Subject: Re: Spam from .us domains

Got a sample header?

On Fri, May 2, 2014 at 4:57 PM, Philip Parsons <pparsons at techeez.com<mailto:pparsons at techeez.com>> wrote:
Is anyone else getting hammered by spam saying it is from .us domains ? If have you figured a way to stop it yet ?

Thank you
P Parsons
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--
Jerry Benton
Mailborder Systems
www.mailborder.com<http://www.mailborder.com>

--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140502/f99b0acc/attachment.html