
spammer identified!


couttsj

The good news is that spam originating from domains hosted by monikerdns has tapered off. The bad news is that another one has popped up (started June 21, 2012) with almost the same MO. For example:

199.189.108.250 on port 61865|06:24:43

EHLO flotage.deinkdivus.org

MAIL FROM:<newsletter[at]deinkdivus.org> BODY=8BITMIME ENVID=2099512

- the domain name in the EHLO matches the IP address

- the domain name in the MAIL FROM matches the EHLO

- IP addresses range from 199.189.108.244 to 199.189.109.62 (Hosting Services, Inc.)

- each domain name is used only once

- domain names are newly registered with domaincontrol.com (GoDaddy)

The major difference is that the reverse lookup (PTR) does not match the forward lookup (A), but this could be because of a restriction imposed by the host.

Edited by couttsj
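Added example, not part of couttsj's post: a small Python filter that parses the three-line session format quoted above and flags sessions showing the listed traits (source IP in the reported range, EHLO name resolving to the connecting IP, MAIL FROM domain matching the EHLO). The function names, the second sample session and the A-record table are constructed for illustration; A records are supplied by the caller rather than looked up live.

```python
import ipaddress
import re

# Address range reported in the post (Hosting Services, Inc.)
RANGE_LO = ipaddress.ip_address("199.189.108.244")
RANGE_HI = ipaddress.ip_address("199.189.109.62")

CONNECT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) on port \d+\|(\d\d:\d\d:\d\d)$")
EHLO = re.compile(r"^(?:EHLO|HELO)\s+(\S+)", re.I)
# Accepts both "user@domain" and the post's obfuscated "user[at]domain"
MAIL = re.compile(r"^MAIL FROM:<[^@>\[]*(?:@|\[at\])([^>\s]+)>", re.I)

def parse_sessions(lines):
    """Group connect / EHLO / MAIL FROM lines into one dict per session."""
    sessions, cur = [], None
    for line in (raw.strip() for raw in lines):
        if m := CONNECT.match(line):
            cur = {"ip": m.group(1), "time": m.group(2), "ehlo": None, "mail": None}
            sessions.append(cur)
        elif cur and (m := EHLO.match(line)):
            cur["ehlo"] = m.group(1).lower().rstrip(".")
        elif cur and (m := MAIL.match(line)):
            cur["mail"] = m.group(1).lower().rstrip(".")
    return sessions

def matches_pattern(s, a_records):
    """a_records maps EHLO name -> set of A-record IPs, resolved by the caller."""
    if not (s["ehlo"] and s["mail"]):
        return False
    in_range = RANGE_LO <= ipaddress.ip_address(s["ip"]) <= RANGE_HI
    ehlo_resolves_to_ip = s["ip"] in a_records.get(s["ehlo"], set())
    mail_under_ehlo = s["ehlo"] == s["mail"] or s["ehlo"].endswith("." + s["mail"])
    return in_range and ehlo_resolves_to_ip and mail_under_ehlo

def flag_sessions(lines, a_records):
    return [s for s in parse_sessions(lines) if matches_pattern(s, a_records)]

# Constructed sample: the session quoted in the post plus one made-up session
# from the same range whose MAIL FROM does not match its EHLO.
SAMPLE_LOG = """\
199.189.108.250 on port 61865|06:24:43
EHLO flotage.deinkdivus.org
MAIL FROM:<newsletter[at]deinkdivus.org> BODY=8BITMIME ENVID=2099512
199.189.109.10 on port 51200|06:26:17
EHLO host.example.net
MAIL FROM:<bob@example.com>
""".splitlines()
# Constructed A records standing in for live DNS lookups (assumption).
SAMPLE_A = {"flotage.deinkdivus.org": {"199.189.108.250"},
            "host.example.net": {"199.189.109.10"}}

print(flag_sessions(SAMPLE_LOG, SAMPLE_A))
```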

The good news is that spam originating from domains hosted by monikerdns has tapered off. The bad news is that another one has popped up (started June 21, 2012) with almost the same MO. ...
Ah, the old game of Whack-a-mole. But worth playing - sooner or later they either run out of playing room or make a terminal mistake, that has to be our article of faith.

Former duplicate post sent to Trash.
