Re: Sustained spamming of single mailbox

[Ken Connelly <ken.connelly () UNI EDU>]

A new account/address without any connection to the previous may be the
only way to stem the tide. That's obviously a fairly drastic step but it
may be what it takes.  Depending on the nature of the spam, a graylist
type of filter may also provide some relief.

-ken

On 12/31/20 10:44 AM, Bole, Jim A wrote:
> I’d appreciate any suggestions on how to mitigate or stop an unusual
> spam attack against a single mailbox.
>
>  
>
> We have one account that is being continually spammed with 1-1.5K spam
> emails a day for almost 10 days.
>
>  
>
> We’ve quarantined all inbound external email as a workaround.
>
>  
>
> The emails appear to be random spam including newsletters, shopping
> and in various languages. Sample subject lines:
>
>  
>
> С наступающим НОВЫМ 2021 годом - БЕЛОГО МЕТАЛЛИЧЕСКОГО БЫКА!!!
>
> Your privacy is key 🔐
>
> [SITREP] Survival Dispatch
>
> The Morning Notes | Fiscal Spending and Bond Yields
>
> End of Year Gown Promotion!
>
> IndieWire Staff Picks Year's Best Films; Wild Box Office Path of 'The
> Exorcist'; 2020 Changes to Industry
>
> Guess what’s back in stock?
>
> A guide to your 2020 personal annual review
>
> ​[Achtung!] Ich analysiere dein Business persönlich
>
> Kick-start 2021 with our top 5 Sales
>
> Master your home life, from welding to gardening!
>
>  
>
> I have a hunch that someone intentionally targeted the user with some
> sort of dark web “spam as a service” The user isn’t aware of anyone
> who might be targeting him/her.
>
>  
>
> Any help or info greatly appreciated.
>
>  
>
> Jim Bole
>
> Chief Information Security Officer
>
> Information Technology Services
>
> University at Albany, IT Building 102F, 1400 Washington Avenue,
> Albany, NY 12222 
>
>  
>
>  
>
>  
>
>  
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email
> reply. Additional participation and subscription information can be
> found at https://www.educause.edu/community

-- 
- Ken
=================================================================
Ken Connelly                       Director, Information Security
Information Security Officer          University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-3010

Any request to divulge your UNI password via e-mail is fraudulent!


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community