https://gallery.mailchimp.com/610fc83db946b5ef98ada3973/files/1e20c398-e898-4a25-a513-75c53236b113/PO_EE16062017.zip
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Smile for your weekend...
Trying to report a large scale dictionary attack from AWS..
(Part of the rejection headers below)
The original message was received at Fri, 5 May 2017 21:04:33 GMT
from pdx1-ws-svc-p6-lb9-vlan2.pdx.amazon.com [10.236.137.194]
- The following addresses had perma
From: "Customer Name"
host notification.intuit.com
(No A or MX Records)
This will quickly get their messages marked as spam..
(NOTE: These are valid invoices, I am sure their customers want them delivered)
(Seemed like an appropriate post for the list on a Friday, and a reminder to
other ESP
umbers are increasing, a reminder to network operators to
help mitigate the spread..
On 16-11-02 02:28 PM, Richard W wrote:
How are you making a IoT connection with this spam? This is just
today's Necurs bot spew. Changes every day.
Richard
On 2016-11-02 1:38 PM, Spam Auditor wrote:
While
While most of this is originating from the IoT, this latest has an
interesting pattern..
And it is coming from all the DUL (well dynamic and static broadback
access points) so most of it is of course in the spam folders already.
However, it is quite a large usage of the botnet so thought I woul
On 16-02-09 11:14 PM, Aaron L. Meehan wrote:
On Tue, Feb 09, 2016 at 08:56:28AM -0800, Spam Auditor wrote:
Just noticed a very large increase of activity from comcast, it
could be that they have changed naming conventions (PTR) records on
their dynamic space, or that they are not doing egress
Just noticed a very large increase of activity from comcast, it could be
that they have changed naming conventions (PTR) records on their dynamic
space, or that they are not doing egress filtering on network..
Maybe though information on this naming convention, and what it
represents would be
You might want to review the history of this mailing list.
It was mentioned that a header is injected in the messages if Microsoft
finds it suspicious, (spammy) but still was 'compelled' to send
the message.
Eg..
X-Forefront-Antispam-Report: SFV:SPM; ...
The SPM, is the indicator..
Having
On 15-10-21 09:06 AM, Carl Byington wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2015-10-21 at 08:51 -0700, Spam Auditor wrote:
Sounds like the AUTH-FAIL attack, which we have seen operating on
Windows machines, eg mailcracker.exe.
No attempt at auth:
<-- E
Sounds like the AUTH-FAIL attack, which we have seen operating on
Windows machines, eg mailcracker.exe.
Several RBL's are dedicated to reporting on these.. Sometimes the attack
engine is not properly configured, and you get stuff like this, but of
course more information is needed.
This coul
10 matches
Mail list logo
