Hi Stefano

> From my data I'd say that those MX are MX for PARKED domains at
> namecheap (I logged more than 1000 domains using that MX and randomly
> checking some of them, they are parked domains).
> 
> I guess it can be safe to drop incoming email from a parked domain.

Strange, today's active domain is: apparty.bid

apparty.bid descriptive text "v=spf1 ip4: -all"

We do check SPF, so why did this email pass? Is 'ip4:' equivalent to
the whole IPv4 space?

apparty.bid has SOA record dns1.registrar-servers.com.
hostmaster.registrar-servers.com. 2017083103 43200 3600 604800 3601

The SOA has been updated today. Was the SPF entry added after the
emails were sent? (Last emails passed at 15:03 UTC+2)

And no, the domain does not seem to be parked, the spamvertized site
is still up (some spaces inserted to avoid triggering URI blacklists)

http://too.
apparty.
bid/Jlonbxkl/bhwzf1631ubg/5KuGNzs_vzBRCLfVUm3BPjXGtbadi7x72PUb6MV-1mA/iHXRdAabXHTVM0Xo2MMQlGhOfm5FLAkFx2XmLw-h1oJt186qc4tzNLPRweBij5gYLQZNbhyVDC6VQuj2Hnat2mFrgl4HDP1qt3x2iKKexOE

Redirecting to a site which according to WOT is being spamvertized
since 2014.

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
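
Added example, not part of the original message: under the RFC 7208 grammar an `ip4` mechanism must carry an address, so the record quoted above is a syntax error and evaluates to `permerror` instead of matching every IPv4 sender. The sketch uses hypothetical helper names (`parse_ip_terms`, `check_host`), handles only `ip4`, `ip6` and `all`, and is meant to be called with constructed documentation addresses as client IPs.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class SPFSyntaxError(ValueError): pass  # term violates the RFC 7208 grammar


def parse_ip_terms(record):
    """Parse every term up front; returns [(result, network or None)]."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise SPFSyntaxError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0])
        body = term[1:] if result else term
        result = result or "pass"          # default qualifier is "+"
        name, sep, arg = body.partition(":")
        name = name.lower()
        if name == "all":
            if sep:
                raise SPFSyntaxError(f"{term!r}: 'all' takes no argument")
            parsed.append((result, None))
        elif name in ("ip4", "ip6"):
            if not arg:                    # the "ip4:" case from the message
                raise SPFSyntaxError(f"{term!r}: address missing")
            cls = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
            try:
                net = cls(arg, strict=False)
            except ValueError as exc:
                raise SPFSyntaxError(f"{term!r}: {exc}") from exc
            parsed.append((result, net))
        else:
            raise NotImplementedError(f"{term!r} is outside this sketch")
    return parsed


def check_host(record, client_ip):
    """Return the SPF result for client_ip against an ip4/ip6/all-only record."""
    try:
        terms = parse_ip_terms(record)
    except SPFSyntaxError:
        return "permerror"                 # any syntax error stops evaluation
    ip = ipaddress.ip_address(client_ip)
    for result, net in terms:
        if net is None or (ip.version == net.version and ip in net):
            return result
    return "neutral"                       # no mechanism matched
```

How a receiver treats `permerror` is local policy; one that rejects only on `fail` will accept the message.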
