PaulDotCom mailing list archives

"Mailshell: Signed Sender Report"


From: mike at snowcrash.ca (Mike Patterson)
Date: Wed, 28 Apr 2010 12:44:39 -0400

The last week or so I've been getting the occasional email (two so far)
from 'signedsender at checklabs.net' with a subject like the one of this
message.  They seem to be trying to tell me they think that an IP in a
netblock for which I am an abuse contact is sending spam.

For the first note, I pulled external flow data for the problematic host and
found that the only traffic bound for it in the last two weeks was
portscans; it never actually sent any traffic outside our network, not a
single bit.  The second note, which I received just now, is talking
about a different IP that, so far as I can tell, hasn't been used for
months.

Does anybody know who these people are?  If this is a phish, it's a
strange one.  The body is like this:

----
This message is brief for your comfort.  Please use links below for
details.  This message was sent automatically.  Please do not reply to
this email.

We have received reports of unwanted email sent using the IPs and
domains listed below.  You are listed as the owner of those IPs and
domains.  If these IPs and domains are used to send unwanted emails,
then do nothing and we will block the emails automatically.

If these reports are mistaken, please submit a report at:
(URL in checklabs.net domain)

If you do not wish to receive these warnings again, please click here:
(slightly different URL in checklabs.net domain)
----

We have a /16 that's mostly allocated and abuse is me and a single
co-worker, so obviously I'm not keen on spending a great deal of time
chasing down reports unless I have confidence that they're useful.  So
far, these have been useless.  Does anybody have any experience otherwise?

Mike

