couttsj
Posted June 23, 2012

The good news is that spam originating from domains hosted by monikerdns has tapered off. The bad news is that another one has popped up (started June 21, 2012) with almost the same MO. For example:

220.127.116.11 on port 61865|06:24:43
EHLO flotage.deinkdivus.org
MAIL FROM:<newsletter[at]deinkdivus.org> BODY=8BITMIME ENVID=2099512

- the domain name in the EHLO matches the IP address
- the domain name in the MAIL FROM matches the EHLO
- IP addresses range from 18.104.22.168 to 22.214.171.124 (Hosting Services, Inc.)
- each domain name is used only once
- domain names are newly registered with domaincontrol.com (GoDaddy)

The major difference is that the reverse lookup (PTR) does not match the forward lookup (A), but this could be because of a restriction imposed by the host.
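
The traits listed in the post can be checked mechanically against a mail log. The following is an added example, not part of the original post: it parses sessions in the quoted layout and flags those where the EHLO name forward-resolves to the client IP, the MAIL FROM domain matches the EHLO, the PTR differs, and the domain appears only once. The log lines, the `.example` names and the `A_RECORDS`/`PTR_RECORDS` tables are constructed stand-ins for real DNS lookups; registration age and IP range are not checked.

```python
import re
from collections import Counter

# Constructed sample in the post's log layout (documentation IPs, .example names).
SAMPLE_LOG = """\
192.0.2.10 on port 61865|06:24:43
EHLO mta1.alpha.example
MAIL FROM:<newsletter[at]alpha.example> BODY=8BITMIME ENVID=1000001
198.51.100.7 on port 40112|06:25:10
EHLO mail.partner.example
MAIL FROM:<billing@partner.example>
192.0.2.11 on port 50233|06:26:02
EHLO mta7.beta.example
MAIL FROM:<newsletter[at]beta.example> BODY=8BITMIME ENVID=1000002
"""
# Assumption: constructed stand-ins for DNS answers; a deployment would query a resolver.
A_RECORDS = {"mta1.alpha.example": "192.0.2.10", "mta7.beta.example": "192.0.2.11",
             "mail.partner.example": "198.51.100.7"}
PTR_RECORDS = {"192.0.2.10": "host10.hosting.example", "192.0.2.11": "host11.hosting.example",
               "198.51.100.7": "mail.partner.example"}
CONNECT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) on port \d+\|\S+$")
MAIL_FROM = re.compile(r"^MAIL FROM:<[^>]*?(?:@|\[at\])([^>]+)>", re.I)

def parse_sessions(text):
    """Group connect / EHLO / MAIL FROM lines into one dict per session."""
    sessions = []
    for line in map(str.strip, text.splitlines()):
        if m := CONNECT.match(line):
            sessions.append({"ip": m.group(1), "ehlo": "", "domain": ""})
        elif sessions and line.upper().startswith("EHLO "):
            sessions[-1]["ehlo"] = line.split(None, 1)[1].lower().rstrip(".")
        elif sessions and (m := MAIL_FROM.match(line)):
            sessions[-1]["domain"] = m.group(1).lower().rstrip(".")
    return sessions

def flag_sessions(text):
    """Return client IPs of sessions showing every DNS/SMTP trait from the post."""
    sessions = parse_sessions(text)
    uses = Counter(s["domain"] for s in sessions)  # how often each sender domain appears
    flagged = []
    for s in sessions:
        ip, ehlo, dom = s["ip"], s["ehlo"], s["domain"]
        forward_ok = A_RECORDS.get(ehlo) == ip                # EHLO name resolves to client IP
        sender_ok = ehlo == dom or ehlo.endswith("." + dom)   # MAIL FROM domain matches EHLO
        ptr_mismatch = PTR_RECORDS.get(ip) != ehlo            # PTR differs from forward name
        if ehlo and dom and forward_ok and sender_ok and ptr_mismatch and uses[dom] == 1:
            flagged.append(ip)
    return flagged

print(flag_sessions(SAMPLE_LOG))  # ['192.0.2.10', '192.0.2.11']
```

The session from `mail.partner.example` is not flagged because its PTR agrees with the forward name, which is the one trait that separates it from the other two.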