I've seen about 4 different spammers, 3 zombie spammers/gangs and one static porn spammer, cache old MX records for indefinite periods of time. It appears that they load their machines with a table containing the IP of the domain in question, and they don't often refresh such records, and maybe not at all. Locking down port 25 on the router or the MTA software on the customer's end to only accept non-AUTHed E-mail has worked so far as I can tell. There's no reason that this shouldn't work if done properly.

Try a telnet connection to test send E-mail from your PC and that should verify if they are in fact locked down.

Matt



Dan Geiser wrote:

Hello, All,
In addition to doing spam filtering for some of our IMail hosting customers
we also do Store and Forward filtering for a few domains.  In the past day
or so I've had complaints from Store and Forward customers about an increase
in spam.  When I check the headers of the e-mail they are sending to me I
don't see any indication that the e-mail was routed through us and NOT
picked up as spam.  Instead it looks like the mail was delivered directly to
their e-mail servers and did the end around our Store and Forward.  The
thing is I have no idea how the spammer even knew the direct IP addresses of
our customers because those don't show up anywhere in their DNS records.
Although I guess they could just be running port scans and checking for
responses on port 25 and attempting delivery of spam that way without using
DNS lookups.  But part of the IMail Store and Forward documentation involves
locking down the SMTP server to only accept e-mail of the relaying IP
address.  I'm 99% sure that we had the customers lock down their incoming
e-mail to only accept connections from us but I need to confirm that.  In
the meantime has anyone noticed an increase in this direct delivery method
which basically ignores the current DNS system?

Thanks In Advance,
Dan Geiser
[EMAIL PROTECTED]


-----------------------------------------------------------------------
Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.





--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
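
The header check described in the quoted message can be automated. This is an added example, not code from either poster or from IMail or Declude; the gateway address 192.0.2.10, the host names and both sample messages are constructed. It assumes the message is read on the customer's own server, so the topmost Received line is the one that server stamped and the only one that can be trusted.

```python
import email
import ipaddress
import re

# Assumption: the filtering gateway's outbound address (documentation range).
GATEWAY_NETS = [ipaddress.ip_network("192.0.2.10/32")]
# Bracketed IPv4 literal as MTAs write it in Received lines.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: relayed by the gateway to the customer's server.
VIA_GATEWAY = (
    "Received: from filter.example.net (filter.example.net [192.0.2.10])\n"
    "\tby mail.customer.example with SMTP; Tue, 1 Jan 2008 10:00:00 -0500\n"
    "Received: from sender.example.org (sender.example.org [198.51.100.7])\n"
    "\tby filter.example.net with SMTP; Tue, 1 Jan 2008 09:59:58 -0500\n"
    "Subject: routed\n\nbody\n"
)
# Constructed sample: delivered straight to the customer's IP. The lower
# Received line names the gateway, but it was supplied by the sender.
DIRECT = (
    "Received: from unknown (HELO mail) ([203.0.113.45])\n"
    "\tby mail.customer.example with SMTP; Tue, 1 Jan 2008 10:05:00 -0500\n"
    "Received: from filter.example.net (filter.example.net [192.0.2.10])\n"
    "\tby relay.invalid with SMTP; Tue, 1 Jan 2008 10:04:00 -0500\n"
    "Subject: direct\n\nbody\n"
)

def final_hop_ip(raw_message):
    """Peer IP from the topmost Received header, or None if absent/unparseable."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    match = IP_RE.search(received[0]) if received else None
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. an octet above 255
        return None

def bypassed_gateway(raw_message):
    """True unless the last hop into the customer's server was the gateway."""
    ip = final_hop_ip(raw_message)
    if ip is None:
        return True  # no provable gateway hop: treat as a bypass
    return not any(ip in net for net in GATEWAY_NETS)

if __name__ == "__main__":
    for name, raw in (("via gateway", VIA_GATEWAY), ("direct", DIRECT)):
        print(name, "-> bypassed" if bypassed_gateway(raw) else "-> routed")
```

If the customer's server passes mail through its own internal hops, add those addresses to `GATEWAY_NETS` or inspect the first Received line stamped at the edge instead of the topmost one.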

