February 10, 2012

L2.APEWS.ORG False Positive #12

This is another false positive from the travel and tourism newsletters; we are not sure yet whether the listing is tied to the recent "infomercials". We will check the listing, and the delisting if it occurs, in due course. The email header follows:

Thur 2012-02-09 16:47:29: [60:170] Accepting SMTP connection from [98.158.230.106]
Thur 2012-02-09 16:47:29: [60:170] Looking up PTR record for 98.158.230.106 (106.230.158.98.IN-ADDR.ARPA)
Thur 2012-02-09 16:47:30: [60:170] D=106.230.158.98.IN-ADDR.ARPA TTL=(59) PTR=[business-travelupdate.com]
Thur 2012-02-09 16:47:30: [60:170] Gathering A-records for PTR hosts
Thur 2012-02-09 16:47:30: [60:170] D=business-travelupdate.com TTL=(1440) A=[98.158.230.106]
Thur 2012-02-09 16:47:30: [60:170] --> 220 xxx.xxx.xxx ESMTP MDaemon 6.7.9; Thur, 09 Feb 2012 16:47:30 -0500
Thur 2012-02-09 16:47:30: [60:170] <-- EHLO business-travelupdate.com
Thur 2012-02-09 16:47:30: [60:170] Performing reverse lookup on business-travelupdate.com (looking for 98.158.230.106)
Thur 2012-02-09 16:47:30: [60:170] D=business-travelupdate.com TTL=(1440) A=[98.158.230.106]
Thur 2012-02-09 16:47:30: [60:170] --> 250-xxx.xxx.xxx Hello business-travelupdate.com, pleased to meet you
Thur 2012-02-09 16:47:30: [60:170] --> 250-ETRN
Thur 2012-02-09 16:47:30: [60:170] --> 250-AUTH=LOGIN
Thur 2012-02-09 16:47:30: [60:170] --> 250-AUTH LOGIN CRAM-MD5
Thur 2012-02-09 16:47:30: [60:170] --> 250-8BITMIME
Thur 2012-02-09 16:47:30: [60:170] --> 250 SIZE 0
Thur 2012-02-09 16:47:31: [60:170] <-- MAIL FROM:
Thur 2012-02-09 16:47:31: [60:170] Performing reverse lookup on business-travelupdate.com (looking for 98.158.230.106)
Thur 2012-02-09 16:47:31: [60:170] D=business-travelupdate.com TTL=(1439) A=[98.158.230.106]
Thur 2012-02-09 16:47:31: [60:170] Spam Blocker A-record resolution of [106.230.158.98.L2.APEWS.ORG] in progress (DNS Server: 192.168.1.2)...
Thur 2012-02-09 16:47:31: [60:170] Spam Blocker D=106.230.158.98.L2.APEWS.ORG TTL=(35) A=[127.0.0.2]
Thur 2012-02-09 16:47:31: [60:170] L2.APEWS.ORG LISTED
Thur 2012-02-09 16:47:31: [60:170] Message will be accepted and X-RBL-Warning: header will be inserted.
Thur 2012-02-09 16:47:31: [60:170] --> 250 , Sender ok
Thur 2012-02-09 16:47:31: [60:170] <-- RCPT TO:
Thur 2012-02-09 16:47:31: [60:170] --> 250 , Recipient ok
Thur 2012-02-09 16:47:31: [60:170] <-- DATA
Thur 2012-02-09 16:47:31: [60:170] --> 354 Enter mail, end with .
Thur 2012-02-09 16:47:31: [60:170] --> 250 Ok, message saved
Thur 2012-02-09 16:47:31: [60:170] <-- QUIT
Thur 2012-02-09 16:47:31: [60:170] --> 221 See ya in cyberspace
Thur 2012-02-09 16:47:31: [60:170] SMTP session successful, 1453 bytes transferred.
Thur 2012-02-09 16:47:31: [60:170] Shuffling message(s) into proper queue(s)
Thur 2012-02-09 16:47:31: [60:170] Message received from business-travelupdate.com [98.158.230.106] with SMTP for [Size 1419] {j:\localq\500019.msg}

You may see fluctuations in your statistics, which could be due to some newsletter senders rotating between IP addresses. Where one IP address is listed and another is not, the newsletter will alternate between the spam folder and the inbox unless you have the IP address in your whitelist and/or a filter to move misplaced emails.
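
As an added example (not part of the original post), the Python below parses session lines in the format of the log above and reports sending hosts whose rotated IP addresses get different blocklist verdicts. The sample lines, the host news.example and the 192.0.2.x addresses are constructed, and a session with no LISTED line is assumed to mean the IP was not listed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the log above (documentation IPs, made-up host).
SAMPLE_LOG = """\
Thur 2012-02-09 16:47:29: [60:170] Accepting SMTP connection from [192.0.2.10]
Thur 2012-02-09 16:47:30: [60:170] D=10.2.0.192.IN-ADDR.ARPA TTL=(59) PTR=[news.example]
Thur 2012-02-09 16:47:31: [60:170] Spam Blocker D=10.2.0.192.L2.APEWS.ORG TTL=(35) A=[127.0.0.2]
Thur 2012-02-09 16:47:31: [60:170] L2.APEWS.ORG LISTED
Thur 2012-02-09 17:02:10: [60:171] Accepting SMTP connection from [192.0.2.11]
Thur 2012-02-09 17:02:11: [60:171] D=11.2.0.192.IN-ADDR.ARPA TTL=(59) PTR=[news.example]
Thur 2012-02-09 17:02:12: [60:171] Spam Blocker A-record resolution of [11.2.0.192.L2.APEWS.ORG] in progress (DNS Server: 192.168.1.2)...
"""

LINE = re.compile(r"^\S+ \S+ \S+ \[(?P<sid>\d+:\d+)\] (?P<msg>.*)$")

def dnsbl_name(ip, zone):
    """Query name a DNSBL client builds: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.upper()

def parse_sessions(text):
    """Group log lines by session id; pull out IP, PTR, DNSBL answers and verdicts."""
    sessions = defaultdict(lambda: {"ip": None, "ptr": None, "answers": {}, "listed": set()})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        s, msg = sessions[m["sid"]], m["msg"]
        if c := re.match(r"Accepting SMTP connection from \[([\d.]+)\]", msg):
            s["ip"] = c[1]
        elif p := re.search(r"PTR=\[([^\]]+)\]", msg):
            s["ptr"] = p[1]
        elif a := re.match(r"Spam Blocker D=(\S+) TTL=\(\d+\) A=\[([\d.]+)\]", msg):
            s["answers"][a[1].upper()] = a[2]
        elif z := re.match(r"(\S+) LISTED$", msg):
            s["listed"].add(z[1].upper())
    return dict(sessions)

def mixed_hosts(sessions):
    """PTR hosts whose rotated IPs disagree: some listed, some not."""
    by_host = defaultdict(dict)
    for s in sessions.values():
        if s["ip"]:  # keep a verdict only if the logged query name matches this IP
            zones = sorted(z for z in s["listed"] if dnsbl_name(s["ip"], z) in s["answers"])
            by_host[s["ptr"]][s["ip"]] = zones
    return {h: ips for h, ips in by_host.items() if any(ips.values()) and not all(ips.values())}
```

Hosts returned by mixed_hosts() are the ones whose mail will alternate between folders, so they are the candidates for a whitelist entry or a filter rule.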