On 31 Aug 2017, at 11:35, Paul Smith wrote:
On 31/08/2017 16:15, Benoit Panizzon wrote:
Strange, todays active domain is: apparty.bid
apparty.bid descriptive text "v=spf1 ip4: -all"
We do check SPF, so why did this email pass? Is 'ip4:' equivalent to
the whole IPv4 space?
No, that's an inv
Adding to this, I've received the same emails over the last few weeks.
I've been able to filter by increasing the SpamAssassin points of pyzor and
failing rDNS, because otherwise this spam isn't setting off any flags.
I'm curious Benoit, did the emails stop on 8/24, then resume on 8/30 for you a
On 31 Aug 2017, at 9:36, Grant Taylor via mailop wrote:
On 08/31/2017 09:32 AM, Luis E. Muñoz via mailop wrote:
I believe they misspelled "v=spf1 -all"
Why would a spammer purposely use a SPF record that states that no
email is sent?
That seems like it would be the exact opposite of the ve
Fine ladies and gentlemen of the email world,
Is anyone noticing MS being particularly temperamental lately? I think it's a
known fact that MS is not fond new IPs. At least from my experience, a new
dedicated IP takes weeks to go 'green' and initial open rates can be quite sad,
however, what I'm
On 08/31/2017 09:32 AM, Luis E. Muñoz via mailop wrote:
I believe they misspelled "v=spf1 -all"
Why would a spammer purposely use a SPF record that states that no email
is sent?
That seems like it would be the exact opposite of the very thing they
want to do.
Is this some sort of techniqu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2017-08-31 at 12:00 +0200, David Hofstee wrote:
> Interesting setup. What do you mean by 'clever'? Because I am not sure
> what this setup will gain them.
Sorry, that was a bit of snark. This setup gains them nothing - but it
does randomly b
On 31/08/2017 16:15, Benoit Panizzon wrote:
Strange, todays active domain is: apparty.bid
apparty.bid descriptive text "v=spf1 ip4: -all"
We do check SPF, so why did this email pass? Is 'ip4:' equivalent to
the whole IPv4 space?
No, that's an invalid rule. Maybe your SPF checker is letting m
On 31 Aug 2017, at 8:15, Benoit Panizzon wrote:
> Hi Stefano
>
>> From my data I'd say that those MX are MX for PARKED domains at
>> namecheap (I logged more than 1000 domains using that MX and randomly
>> checking some of them, they are parked domains).
>>
>> I guess it can be safe to drop incomi
Hi Stefano
> From my data I'd say that those MX are MX for PARKED domains at
> namecheap (I logged more than 1000 domains using that MX and randomly
> checking some of them, they are parked domains).
>
> I guess it can be safe to drop incoming email from a parked domain.
Strange, todays active d
On 31/08/2017 15:20, Benoit Panizzon wrote:
Now I found one thing in common to those spam mails. All of them point
to MX Records from:
eforward1.registrar-servers.com.
to
eforward5.registrar-servers.com.
run by a registrar service. Interestingly not the same used to register
the domains in ques
On 31 August 2017 at 16:20, Benoit Panizzon wrote:
> Hello
>
> Since a couple of days we get a lot of spam from randomly changing
> domains under gtld bid. faith. website. loan. to name a couple.
>
> Now I found one thing in common to those spam mails. All of them point
> to MX Records from:
>
> e
Hello
Since a couple of days we get a lot of spam from randomly changing
domains under gtld bid. faith. website. loan. to name a couple.
Now I found one thing in common to those spam mails. All of them point
to MX Records from:
eforward1.registrar-servers.com.
to
eforward5.registrar-servers.com.
Hi Carl,
Interesting setup. What do you mean by 'clever'? Because I am not sure
what this setup will gain them.
Yours,
David
On 30 August 2017 at 18:55, Carl Byington wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> If you do much work in email / spam control, you end up seeing
13 matches
Mail list logo
