nanog mailing list archives
Re: spamassassin hole again?
From: Andrew Fried <andrew.fried () gmail com>
Date: Sun, 13 Apr 2014 04:09:41 -0400
Thanks, Paul. The #1 spam I'm seeing right now has the subject line "Subject: Why Internet was born?"; the domains from the URLs appear to be listed in Spamhaus DBL. Obviously a different batch. Andy Andrew Fried andrew.fried () gmail com On 4/13/14, 3:59 AM, Paul Thornton wrote:
On 13/04/2014 08:10, Andrew Fried wrote:Any chance you could provide a *clue* as to what you're seeing, eg message subject, from, etc???The subjects seem to vary; but appear to involve animals, sex and cute women in various orders (apologies to anyone offended by that). Content is a one-liner link to porn sites. I agree with the RIPE DB scrape - the From: line on one of these is From: "Registry ripenotify" <info () audiovisualcs com> and the CC line contains our notify: E-mail (plus a load more of this junk to noc|peering|named contacts). These seem to be botted machines sending mails 'legitimately' ie: headers appear to show that the first hop was relayed out through a normal route rather than just port 25 spray. Some are even kindly pre-marked as spam. We've had >250 turn up since 23:34 UTC yesterday (12 April). Appears to have slowed/stopped around 05:00 UTC today (13 April). Paul.
Current thread:
- spamassassin hole again? Randy Bush (Apr 12)
- Re: spamassassin hole again? Sabri Berisha (Apr 12)
- Re: spamassassin hole again? Babak Farrokhi (Apr 12)
- Re: spamassassin hole again? Andrew Fried (Apr 13)
- Re: spamassassin hole again? Paul Thornton (Apr 13)
- Re: spamassassin hole again? Andrew Fried (Apr 13)
- Re: spamassassin hole again? Andrew Fried (Apr 13)