Hi Jarland, Yes, we see this as well - since this morning Pacific Time. They are snow-shoeing too, sending just one or two submissions per web form, presumably to keep a low profile. Same pattern of recipients as you are seeing.
I'm trying to track down the victim software, which seems to be a WordPress plugin. Regards, Ken On Thu, May 26, 2022 at 4:15 PM Jarland Donnell via mailop < mailop@mailop.org> wrote: > Over the last week or so I've noticed an exceptional increase in > outbound emails from my customers to invalid recipients. Obviously this > is problematic but understandable. All of the customers in question run > websites that send an email to confirm registration, and all of the > recipients are properly formatted email addresses. They just don't > exist, and they're increasing at an unusual rate. Others may have the > same going on but may not yet be aware of the pattern. My hope is that > by sharing the pattern others might begin to fight against it as well. > > Here is a look at some censored logs: https://clbin.com/Gxeoo > > Notice the trend being username + 4 digits, primarily at free email > providers and regional ISPs. Examples: > > heidireynoldsplad2...@gmail.com > susanpowersvgjfae2...@cox.net > pabloharveyfhi6...@rediffmail.com > florencenashhqjqj8...@orange.fr > carlosfranklinlydy2...@comcast.net > > It's really off the charts, and it's impacting a wide variety of > customers who have no relation to each other. The only similarity being > that they send out website registration confirmations in all cases. > > Of course, my first theory is forum spam / blog comment spam. Even if > they can't accomplish the spam, they have most likely built complete > automation to handle this process of mass registrations for a wonderful > "spray and pray" technique. Since the email accounts don't exist, > they're most likely hoping that a confirmation isn't actually required > to begin submitting content to the sites that they register on. > > Use this how you will <3 > > Jarland > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > -- Ken Simpson CEO, MailChannels <https://www.mailchannels.com/?utm_source=Email%20Signature&utm_medium=Ken%20Simpson&utm_campaign=Website> Facebook <http://bit.ly/2dnoP3K> | Twitter <http://bit.ly/2ehoWni> | LinkedIn <http://bit.ly/2dw87lU> | Help Center <https://mailchannels.zendesk.com/hc/en-us?utm_source=Email%20Signature&utm_medium=Ken%20Simpson&utm_campaign=Help%20Center> Our latest case study video: watch here! <https://www.youtube.com/watch?v=psb41xDIL9k>
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
