Educause Security Discussion mailing list archives
Re: Pointless email spam
From: Curtis McNay <cmcnay () GMU EDU>
Date: Wed, 17 Apr 2013 16:14:36 +0000
We are seeing messages coming from the "yourschoolemail.net and myschoolemail.net" domain, same random, no payload, no link messages. The domains are registered by the same generic person and hosted by the same provider in France. The volume is not substantial enough to represent a DOS on email systems or filters. I also think these are probes that phishers are using to manage and clean their email databases.

```````````````````````````````````````````````````````````````
Curtis McNay
Director of IT Security
IT Security and Project Management Office
George Mason University
Email: cmcnay () gmu edu
Web: http://itsecurity.gmu.edu
```````````````````````````````````````````````````````````````

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Heath Barnhart
Sent: Monday, April 15, 2013 1:09 PM
To: SECURITY () listserv educause edu
Subject: Re: [SECURITY] Pointless email spam

A probe maybe? The messages don't contain anything a filter would jump on, like images or links. Just some random text. I'm not as familiar with SMTP headers as I probably should be, but would the response headers from a successful transaction glean any information about the receiving mail system?

Heath Barnhart, CCNA
ITS Network Administrator
Washburn University
Topeka, KS

On 04/15/2013 10:46 AM, Dennis Bohn wrote:

We have been seeing these sort-of literary ones, like your sample #2. No idea what purpose.

best,
Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu
5168773327

On Mon, Apr 15, 2013 at 7:34 AM, Gary Warner <gar () cis uab edu> wrote:

Are other schools seeing a big uptick in "no purpose" spam messages?

Wondering if this is an enormous email address list cleanse/harvest? or what other motives anyone might theorize on this?

Here are three sample email bodies. No attachment, no links.
Can't PROVE they are related, just coincidence of timing and pointlessness.

++++++++++++++++++++
(received from myschoolemail.net 173.246.104.97)
(from: hilda.barrett () myschoolemail net)

Denise, I wanted to know if you understand that you can't come to the super deli next Friday. Cheers, H.

++++++++++++++++++++
(envelope from waggishy08 () acm org)
(x-sender: ultrasug9 () gil com au)
(X-PHP-Script indicates it was sent via "afes.com/sendmail.php" at request of 186.87.28.58)
(Return-Path: suicidaloa53 () afes com)

CHAPTER XLI, Nor from ME, neither. Why HE? I stopped.

+++++++++++++++++++++
(received from heattreatmentchina.ru (37.255.60.4)
(from: stonehengeqq40 () trinity edu)

Bofe un you claims it, But we didnt wait. So Tom was satisfied.

++++++++++++++++++++++

----------------------------------------------------------
Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
Center for Information Assurance and Joint Forensics Research
205.422.2113
gar () cis uab edu
-----------------------------------------------------------