spammer identified!


couttsj

Posted

The good news is that spam originating from domains hosted by monikerdns has tapered off. The bad news is that another one has popped up (started June 21, 2012) with almost the same MO. For example:

199.189.108.250 on port 61865|06:24:43

EHLO flotage.deinkdivus.org

MAIL FROM:<newsletter[at]deinkdivus.org> BODY=8BITMIME ENVID=2099512

- the domain name in the EHLO matches the IP address

- the domain name in the MAIL FROM matches the EHLO

- IP addresses range from 199.189.108.244 to 199.189.109.62 (Hosting Services, Inc.)

- each domain name is used only once

- domain names are newly registered with domaincontrol.com (GoDaddy)

The major difference is that the reverse lookup (PTR) does not match the forward lookup (A), but this could be because of a restriction imposed by the host.
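
The traits listed in the post above can be checked mechanically against an SMTP session log. This is an added example, not part of the original post: it assumes log lines laid out as in the excerpt, and the function names, the optional `forward` lookup map and the two `example.*` sessions are constructed for illustration.

```python
import ipaddress
import re

# IP range reported in the post (Hosting Services, Inc.)
RANGE_LO = ipaddress.ip_address("199.189.108.244")
RANGE_HI = ipaddress.ip_address("199.189.109.62")
CONNECT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) on port \d+\|(\d\d:\d\d:\d\d)$")
EHLO_RE = re.compile(r"^(?:EHLO|HELO)\s+(\S+)", re.I)
# Accept a real "@" as well as the "[at]" obfuscation used in the post
MAIL_RE = re.compile(r"^MAIL FROM:<[^>@\[]*(?:@|\[at\])([^>]+)>", re.I)

# First session is the one quoted in the post; the other two are constructed.
SAMPLE_LOG = [
    "199.189.108.250 on port 61865|06:24:43",
    "EHLO flotage.deinkdivus.org",
    "MAIL FROM:<newsletter[at]deinkdivus.org> BODY=8BITMIME ENVID=2099512",
    "192.0.2.10 on port 40000|06:25:01",
    "EHLO mail.example.org",
    "MAIL FROM:<news@example.org>",
    "199.189.109.10 on port 40001|06:25:09",
    "EHLO mx.example.net",
    "MAIL FROM:<news@example.com>",
]

def parse_sessions(lines):
    """Group connect / EHLO / MAIL FROM lines into one dict per session."""
    sessions, cur = [], None
    for line in map(str.strip, lines):
        if m := CONNECT_RE.match(line):
            cur = {"ip": m.group(1), "time": m.group(2), "ehlo": None, "mail_domain": None}
            sessions.append(cur)
        elif cur is not None and (m := EHLO_RE.match(line)):
            cur["ehlo"] = m.group(1).lower().rstrip(".")
        elif cur is not None and (m := MAIL_RE.match(line)):
            cur["mail_domain"] = m.group(1).lower().rstrip(".")
    return sessions

def matches_pattern(s, forward=None):
    """True if the session shows the traits listed in the post."""
    # forward: optional {hostname: {A records}}; if given, EHLO must resolve to the IP
    if not (s["ehlo"] and s["mail_domain"]):
        return False
    try:
        ip = ipaddress.ip_address(s["ip"])
    except ValueError:
        return False
    aligned = s["ehlo"] == s["mail_domain"] or s["ehlo"].endswith("." + s["mail_domain"])
    resolves = forward is None or s["ip"] in forward.get(s["ehlo"], set())
    return RANGE_LO <= ip <= RANGE_HI and aligned and resolves
```

Because each domain is used only once, the filter keys on the address range and the EHLO/MAIL FROM alignment rather than on any domain list.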

Posted
The good news is that spam originating from domains hosted by monikerdns has tapered off. The bad news is that another one has popped up (started June 21, 2012) with almost the same MO. ...
Ah, the old game of Whack-a-mole. But worth playing - sooner or later they either run out of playing room or make a terminal mistake; that has to be our article of faith.

Former duplicate post sent to Trash.
