> On Mar 2, 2018, at 12:45 PM, John Johnstone > <jjohnstone-mai...@tridentusa.com> wrote: > > The list washers / validators must be doing a brisk business today. Many use > Amazon hosting in what seems to be an attempt to evade blocking by IP. Aside > from the simple attempts I see some that are trying things like: > > j...@domain.tld > john....@domain.tld > jon....@domain.tld > john-...@domain.tld > jonathon...@domain.tld > j...@domain.tld > > and things even more obscure like > > j...@domain.tld > j...@domain.tld > > with up to 50 various permutations / combinations. > > It seems somebody gave some fairly purposeful thought into coming up with the > algorithms to generate these. I'm curious to know what peoples thinking is > as to the hat color of these attempts. Particularly if there are any > opinions on the risk / need to block them.
They are all trying to extract email addresses from your network without permission, so that they can sell that data to their customers to send unwanted email to your users without permission. It's guessing or "e-pending", not validation. There *are* valid times to *validate* an email address in that manner, but they're rare and they'll only be validating a single user at a time, not trying to dictionary attack your server or play guessing games to try and find an email address for someone they don't have an email address for. Blocking them will reduce the amount of unwanted, non-permissioned email your users receive. That's worth doing if you can do so without too much effort. (Whether pre-emptively blocking all of ec2 is a good idea is a separate conversation). Accepting and discarding them, or rejecting them or discarding them randomly in order to corrupt their data and damage their business model is a fun conversation to have, but not really an operational discussion. Cheers, Steve _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
