For the record, this has been going on for some time...
You know it is a bulletproof hoster when...

You see those companies on RBLs really quickly. Surprised that many well-known hosters don't simply do a PTR walk on their own IP space; it reveals the miscreants quite quickly. It's #NOTHATHARD ;)

If all hosting companies did two simple things, they would catch most of the bad actors, before their IP space got blacklisted.

On 2023-01-05 13:46, Serizy via mailop wrote:
Hello.

I would like to report here a spam source that is sending messages to some of our users. Interestingly, this source is using forged reverse names for their IPs, and they are using many different IPs in what seems a snowshoe pattern.

The domains used for their reverse names, PTR records, are “stolen” from other public companies, even Microsoft or Google!

Has anyone seen this pattern? Are they trying to steal reputation from these domains? Almost all messages received end up in the spam folder, but what worries me is that the PTR resolves to the fake hostname, but the hostname doesn’t resolve to the IP, logically… and the messages go to the user mailbox in Outlook.com.

All messages come from the same source; they all show the same footer, with a different company/database name but the same physical address… they belong to the same sender company, of course, which appears to be Rodlandsky.

Is there any way to report this? It shouldn’t even be legal, I think.

I’ll post here most of the samples I got from the users’ mailboxes for your review. As you can see, there are lots of IPs pointing to forged hostnames with domains that they don’t own:


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
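
The "PTR walk" and the forged-PTR symptom discussed in this thread (the PTR names a host whose forward record does not point back at the IP) can be checked with forward-confirmed reverse DNS over a hoster's own range. The sketch below is an added example, not code from either poster; the zone data, the 192.0.2.0/24 addresses and the `.example` names are constructed, and the function names are hypothetical.

```python
import ipaddress
import socket

def live_ptr(ip):
    """PTR lookup through the OS resolver; an empty list means no PTR."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def live_fwd(name):
    """A/AAAA lookup through the OS resolver; an empty set means no record."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def ptr_walk(cidr, ptr=live_ptr, fwd=live_fwd):
    """Return (ip, ptr_name, reason) for every PTR in cidr that fails FCrDNS."""
    findings = []
    for addr in ipaddress.ip_network(cidr).hosts():
        ip = str(addr)
        for name in ptr(ip):
            host = name.rstrip(".").lower()
            forward = fwd(host)  # addresses the PTR name really resolves to
            if not forward:
                findings.append((ip, host, "no-forward-record"))
            elif ip not in forward:
                findings.append((ip, host, "forward-mismatch"))
    return findings

# Constructed zone data (RFC 5737 addresses, .example names), not from the thread.
PTR = {
    "192.0.2.10": ["mail.customer-a.example."],         # honest customer
    "192.0.2.11": ["mta.bigbrand.example."],            # borrowed brand name
    "192.0.2.12": ["r81.e-mails.otherbrand.example."],  # name that does not exist
}
FWD = {
    "mail.customer-a.example": {"192.0.2.10"},
    "mta.bigbrand.example": {"198.51.100.7"},  # the brand's host lives elsewhere
}

def demo():
    """Walk a constructed /29 using the in-memory tables instead of live DNS."""
    return ptr_walk("192.0.2.8/29",
                    ptr=lambda ip: PTR.get(ip, []),
                    fwd=lambda host: FWD.get(host, set()))

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Called with only a CIDR, `ptr_walk` uses the operating system's resolver, so it can be pointed at a range you operate.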
