couttsj Posted February 6, 2012

I do not know if this is of any interest to anyone, but this morning I recovered the following information from a spam-Bot. The following MAIL FROM:s were used:

MAIL FROM: <admin[at]quickbooks.com> x 8
MAIL FROM: <antifraud[at]quickbooks.com> x 13
MAIL FROM: <security[at]quickbooks.com> x 11
MAIL FROM: <software[at]quickbooks.com> x 7
MAIL FROM: <tools[at]quickbooks.com> x 6
MAIL FROM: <update[at]quickbooks.com> x 9
MAIL FROM: <updates[at]quickbooks.com> x 8

with the following IPs:

This was over less than 3 hours and the run is still ongoing. Unfortunately, I cannot report this to SpamCop through normal channels because I don't actually receive the attempted emails.

J.A. Coutts

Geek Posted February 6, 2012

You have the emails, you have the IPs.... dump them into StopForumSpam - they'll be added to blacklists from there

Cheers!

couttsj Posted February 6, 2012

> You have the emails, you have the IPs.... dump them into StopForumSpam - they'll be added to blacklists from there
>
> Cheers!

That's the problem, I don't have the emails because there are no valid email addresses for this particular domain. But that does not stop the spammers from trying. I simply record the connecting IP, the HELO/EHLO, and the MAIL FROM:. Then I issue a 553 error and wait for the spammer to disconnect. So in my humble opinion, all of the 500 to 900 attempted connections per day are spammers. There is the odd attempt to bounce mail after receiving it, but as far as I am concerned, that's spam too.

The list submitted above I have identified as a single bot network because of the similarities in connection data. Most spam these days originates in Asia, Eastern Europe, or South America. This one is different in that all of the originating IPs are from Europe.

I looked at StopForumSpam, but as far as I can tell you have to input them one at a time, and that is too laborious. If you know of a better way to submit multiple entries, please let me know.

J.A. Coutts
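
The logging approach described in the post above, as an added example that is not part of the thread and not couttsj's own code: a session handler that records the connecting IP, the HELO/EHLO and the MAIL FROM, answers MAIL FROM with 553, and tallies the attempts in the "x N" form used in the first post. The class and function names, the reply texts, the host name and the sample sessions are constructed assumptions; socket handling is left out so the logic runs offline.

```python
import re
from collections import Counter


class RejectAllSession:
    """One SMTP session for a domain that has no valid mailboxes."""

    def __init__(self, peer_ip, log):
        self.peer_ip, self.helo, self.log = peer_ip, None, log

    def handle(self, line):
        """Return the reply for one command line; record each MAIL FROM."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip() or None
            return "250 mx.example.invalid"  # assumed host name
        if verb == "MAIL":
            m = re.match(r"FROM:\s*<([^>]*)>", arg, re.IGNORECASE)
            sender = m.group(1).lower() if m else arg.strip()
            self.log.append((self.peer_ip, self.helo, sender))
            return "553 Requested action not taken: mailbox name not allowed"
        if verb == "QUIT":
            return "221 Bye"
        return "502 Command not implemented"  # other verbs omitted here


def _tally(counter):
    # Same notation as the post: the count is shown only when above one.
    return [f"{k} x {n}" if n > 1 else k for k, n in counter.most_common()]


def summarize(log):
    """Tally attempts per sender and per connecting IP, most frequent first."""
    senders = Counter(sender for _, _, sender in log)
    ips = Counter(ip for ip, _, _ in log)
    return _tally(senders), _tally(ips)


SESSIONS = [  # constructed sample traffic, documentation IP ranges (RFC 5737)
    ("192.0.2.10", ["EHLO bot1", "MAIL FROM:<update@sender.example>", "QUIT"]),
    ("192.0.2.10", ["HELO bot1", "mail from: <security@sender.example>", "QUIT"]),
    ("198.51.100.7", ["EHLO bot2", "MAIL FROM:<update@sender.example>", "QUIT"]),
]


def run(sessions):
    """Feed each constructed session through a handler; return log and replies."""
    log, replies = [], []
    for ip, lines in sessions:
        session = RejectAllSession(ip, log)
        replies.append([session.handle(line) for line in lines])
    return log, replies
```
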

turetzsr Posted February 7, 2012

> <snip> as far as I can tell you have to input them one at a time, and that is too laborious.

...Just submit the ones you have the time and inclination to submit. You could also send evidence to the abuse addresses of the IP addresses that are sending the spam; perhaps you can automate the process of sending such complaints if you can find a way of retrieving the abuse address from Abuse.net or IP Regional Internet Registry (RIPE, etc).

Archived
This topic is now archived and is closed to further replies.