It appears that Grant Taylor via mailop said:
>I know that each postmaster is free to run their own server(s) as they
>fit. But I too question carte blanche blocking of TLDs.
It's a matter of playing the odds. Also keep in mind that some TLDs are a lot
bigger than others. CAM only has 36,000 n
I disintermediate stuff like this at the DNS layer since if my ("protective")
DNS firewall says something doesn't exist then communications involving that
thing can't start up.
So for example all of .TK except TCL.TK looks unreachable here. Nothing can be
treated as too big to black-hole. Withou
For the record, yes.. place the blame where it should be, on the network
operator that allows it.. and Grant's suggestion is the better method if
you can implement...
Use 'detection' to find the bad guys, either by IP or ASN, insert those
into a reputation list, even if it is only your own..
On Fri, 27 May 2022 15:22:29 -0600, Grant Taylor via mailop
wrote:
>Is there a reason that you (dynamically) re-configure your MTA(s) via a
>script versus configuring an upstream router to not route traffic from
>the IPs in their ASN?
>
>I'm just trying to understand and learn vicariously throu
Got this reply. The sad thing is that these new TLDs that ICANN opened (don't
know why) seem to attract spammers like a big magnet.
Sadly I have to block many of them... The .berlin domains are regularly used in
spam for berlin travels.
For most of the times, TLDs were operated by competent peopl
On 5/27/22 3:10 PM, Michael Rathbun via mailop wrote:
I have a script that detects these guys when they fire up a new /24,
which happens about 1.3 times per week, and puts new rules in the MTA.
Is there a reason that you (dynamically) re-configure your MTA(s) via a
script versus configuring an
On Fri, 27 May 2022 22:57:37 +0200, Hans-Martin Mosner via mailop
wrote:
>If you look up the MX records for these domains, you see a certain clustering
>around one provider. The IP addresses that
>I checked don't accept port 25 connections at this time, but probably they did
>when the spam run
On 27.05.22 at 21:38, Michael Rathbun via mailop wrote:
Here are the domains this gang has used in the last seven days:
If you look up the MX records for these domains, you see a certain clustering around one provider. The IP addresses that
I checked don't accept port 25 connections at this
On 5/27/22 1:26 PM, Andreas Ziegler via mailop wrote:
Sorry, but this strategy looks more like some hobbyist hosting the
server for himself and his friends.
I know that each postmaster is free to run their own server(s) as they
fit. But I too question carte blanche blocking of TLDs.
Some of
On 5/27/22 2:15 PM, Grant Taylor wrote:
I can understand the desire to block some -- what I refer to as --
vanity domains. But .us is a country code TLD. I would refrain from
blocking CC TLDs.
I also have to call out that blocking early -- possibly questionable --
adopters of new domains /a
Hi Michael,
We don't have intel on how these guys are interacting with the forms.
Regards
Ken
On Fri, May 27, 2022 at 7:34 AM Michael Peddemors via mailop <
mailop@mailop.org> wrote:
> Hey Ken,
>
> Are these contact info spammers using DSL Home style connections, or
> VPNs.. different actors a
Hello Sebastian,
well that is a perfect example why shunning tlds is difficult. Your users will
never be able to get tickets for the botanical garden in Berlin
(www.bo.berlin). Let us not dive into the universities like the Technische
Universität Berlin at www.tu.berlin. And, of course, you mi
Sorry, but this strategy looks more like some hobbyist hosting the
server for himself and his friends.
Some of the TLDs you simply block are used by people I know for
legitimate purposes, let alone by all the people I don't know.
Scoring messages by the TLD, ok, I do that, too - but an immedi
On Fri, 27 May 2022 12:01:46 -0600, Anne Mitchell via mailop
wrote:
>We've started getting a fair amount of spam from .cam domains; in fact they
>all look the same, using the same HTML template with the same body format, but
>from different .cam domain for different 'businesses', so I suspect t
This week saw a comeback of that operator, using new networks.
They have been on our reputation lists for a bit..
Also have detection systems that detect the sending patterns, for this
one..
Don't have the actual detection algorithms, but can share them off list
if you want.
That 131 range
I block a lot of these pieces of shit domains, including .cam:
deny
message = 5.7.1 Banned TLD in MAIL FROM
sender_domains =
^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|casa|christmas|click|club|college|computer|country|cricket|date|design|download|ex
I can't see a single reason not to block .cam, but I will say that I
always get myself into trouble when I block a TLD. All it takes is one
legitimate sender and my plans are shot. That said, this right here:
mnt-by: ashitt
You see that, blackhole and never second guess it. That's one
It appears that Anne Mitchell via mailop said:
>We've started getting a fair amount of spam from .cam domains; in fact they
>all look the same, ...
Whatever its putative initial purpose, it mostly seems to be typosquats, so
block away.
It's not very big, 36,000 names most of which are parked.
We've started getting a fair amount of spam from .cam domains; in fact they all
look the same, using the same HTML template with the same body format, but from
different .cam domain for different 'businesses', so I suspect that one
operation is selling "email marketing" packages to clients and s
Hey Ken,
Are these contact info spammers using DSL Home style connections, or
VPNs.. different actors are using different methods of course.
"Eric Jones" still leads the pack in automated methods, while a
couple of other players use bots, and a couple of others appear to be
'human' aided.
Hi Jarland,
Yes, we see this as well - since this morning Pacific Time. They are
snow-shoeing too, sending just one or two submissions per web form,
presumably to keep a low profile. Same pattern of recipients as you are
seeing.
I'm trying to track down the victim software, which seems to be a Wo