On 5/25/16 4:40 PM, Michelle Sullivan wrote:
Vick Khera wrote:
On Wed, May 25, 2016 at 3:02 PM, Erwin Harte <eha...@barracuda.com
<mailto:eha...@barracuda.com>> wrote:
I did a spot check of a recent attack. The email address was
jabradb...@kanawhascales.com
<mailto:jabradb...@kanawhascales.com> and it got signed up to 12
lists during May 17 and 18. Amazingly, whoever is on the other
end of that address clicked to confirm every one of those
confirmation messages. All confirmation clicks appear to come
from a netblock owned by Barracuda Networks... Hmm...
Which netblock was that?
64.235.144.0/20 <http://64.235.144.0/20>
Specifically: 64.235.154.109,
64.235.153.2, 64.235.150.252, 64.235.153.10, 64.235.154.105, 64.235.154.109
Single click through? (as in everything in the URL?) - if so probably
automated mail scanning.
That's what I expect as well. Those addresses are all from ESS
(https://www.barracuda.com/products/emailsecurityservice) which does
'intent' checking.
--Erwin
===========================================================
Considering Office 365? Barracuda security and storage solutions can help.
Learn more about Barracuda solutions for Office 365 at
http://barracuda.com/office365.
DISCLAIMER:
This e-mail and any attachments to it contain confidential and proprietary
material of Barracuda, its affiliates or agents, and is solely for the use of
the intended recipient. Any review, use, disclosure, distribution or copying of
this transmittal is prohibited except by or on behalf of the intended
recipient. If you have received this transmittal in error, please notify the
sender and destroy this e-mail and any attachments and all copies, whether
electronic or printed.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop