couttsj Posted June 23, 2012 Posted June 23, 2012 The good news is that spam originating from domains hosted by monikerdns has tapered off. The bad news is that another one has popped up (started June 21, 2012) with almost the same MO. For example: 1. 199.189.108.250 on port 61865|06:24:43 1. EHLO flotage.deinkdivus.org 1. MAIL FROM:<newsletter[at]deinkdivus.org> BODY=8BITMIME ENVID=2099512 - the domain name in the EHLO matches the IP address - the domain name in the MAIL FROM matches the EHLO - IP addresses range from 199.189.108.244 to 199.189.109.62 (Hosting Services, Inc.) - each domain name is used only once - domain names are newly registered with domaincontrol.com (GoDaddy) The major difference is that the reverse lookup (PTR) does not match the forward lookup (A), but this could be because of a restriction imposed by the host.
Farelf Posted June 24, 2012 Posted June 24, 2012 The good news is that spam originating from domains hosted by monikerdns has tapered off. The bad news is that another one has popped up (started June 21, 2012) with almost the same MO. ...Ah, the old game of Whack-a-mole. But worth playing - sooner or later they either run out of playing room or make a terminal mistake, that has to be our article of faith. Former duplicate post sent to Trash.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.