[Asrg] Spammers probing for whitelisted addresses?
Checking my reject logs, I've noticed a new pattern the past couple of
weeks...
- *ONE* IP address
- sends 15 or 50 delivery attempts, approximately 1 attempt every 2
seconds
- the envelope-sender is a legitimate looking address @gmail.com or
gmx.de or one of several .ru domains
Another pattern I see occasionally is 3 consecutive attempts from the
same IP address with the same common_first_name at yahoo.com envelope
sender. Is this an attempt to defeat greylisting?
If my rules reject the 1st time, they end up rejecting all 3 or 15 or
50 attempts. The rejection is usually due to rDNS that smells dynamic,
or total lack of rDNS.
--
Walter Dnes <waltdnes at waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
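
One way to pull the two patterns described in this message out of a reject log, as an added example that is not part of the original post. The log line format, the thresholds (`max_gap`, `min_attempts`) and the sample entries are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def parse(line):
    """Constructed format: '<epoch-seconds> <client-ip> <envelope-sender>'."""
    ts, ip, sender = line.split()
    return int(ts), ip, sender.lower()

def summarize(ip, run):
    """Describe one run of closely spaced rejected attempts from a single IP."""
    gaps = [b[0] - a[0] for a, b in zip(run, run[1:])]
    senders = {s for _, s in run}
    kind = "same-sender retry" if len(senders) == 1 else "sender rotation"
    return {"ip": ip, "attempts": len(run), "senders": len(senders),
            "median_gap": median(gaps), "kind": kind}

def bursts(lines, max_gap=5, min_attempts=3):
    """Find runs of rejects from one IP spaced <= max_gap seconds apart."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, sender = parse(line)
        by_ip[ip].append((ts, sender))
    found = []
    for ip, events in by_ip.items():
        events.sort()
        run = [events[0]]
        for ev in events[1:] + [None]:      # trailing None flushes the last run
            if ev is not None and ev[0] - run[-1][0] <= max_gap:
                run.append(ev)
                continue
            if len(run) >= min_attempts:
                found.append(summarize(ip, run))
            run = [ev]
    return found

# Constructed sample: 15 attempts 2 s apart with changing senders, 3 attempts
# with one sender, and an unrelated IP whose two rejects are 10 minutes apart.
SAMPLE = (
    [f"{1000 + 2 * i} 192.0.2.10 user{i}@example.com" for i in range(15)]
    + [f"{5000 + 2 * i} 198.51.100.7 john@example.org" for i in range(3)]
    + ["9000 203.0.113.5 a@example.net", "9600 203.0.113.5 b@example.net"]
)

if __name__ == "__main__":
    for b in bursts(SAMPLE):
        print(b)
```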