On 5/25/16 4:40 PM, Michelle Sullivan wrote:
Vick Khera wrote:
On Wed, May 25, 2016 at 3:02 PM, Erwin Harte <eha...@barracuda.com
<mailto:eha...@barracuda.com>> wrote:

     I did a spot check of a recent attack. The email address was
     jabradb...@kanawhascales.com
     <mailto:jabradb...@kanawhascales.com> and it got signed up to 12
     lists during May 17 and 18. Amazingly, whoever is on the other
     end of that address clicked to confirm every one of those
     confirmation messages. All confirmation clicks appear to come
     from a netblock owned by Barracuda Networks... Hmm...
     Which netblock was that?


64.235.144.0/20 <http://64.235.144.0/20>

Specifically: 64.235.154.109,
64.235.153.2, 64.235.150.252, 64.235.153.10, 64.235.154.105, 64.235.154.109


Single click through?  (as in everything in the URL?) - if so probably
automated mail scanning.

That's what I expect as well. Those addresses are all from ESS (https://www.barracuda.com/products/emailsecurityservice) which does 'intent' checking.

--Erwin

===========================================================


Considering Office 365?  Barracuda security and storage solutions can help. 
Learn more about Barracuda solutions for Office 365 at 
http://barracuda.com/office365.

DISCLAIMER:
This e-mail and any attachments to it contain confidential and proprietary 
material of Barracuda, its affiliates or agents, and is solely for the use of 
the intended recipient. Any review, use, disclosure, distribution or copying of 
this transmittal is prohibited except by or on behalf of the intended 
recipient. If you have received this transmittal in error, please notify the 
sender and destroy this e-mail and any attachments and all copies, whether 
electronic or printed.


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to