That is what we ended up doing for this customer. They can't receive any port 25 traffic from any IP addresses except ours now. I just had never seen evidence of spammers caching IP addresses before.
I was thinking though that scanning ranges of IP addresses for responses on port 25 and then sending e-mail either from or to <user>@domain.tld, where domain.tld is the second-level domain found when you do a lookup on the Reverse DNS for any IP addresses found to be responding on port 25, might be a good way for spammers to get their messages through.
Thanks, Much! Dan Geiser [EMAIL PROTECTED]
----- Original Message -----
From: "Goran Jovanovic" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 18, 2004 1:49 PM
Subject: RE: [Declude.JunkMail] Interesting Spamming Technique
Hi Dan,
What we do for our store and forward customers is to lock down their firewall to only accept port 25 traffic from our IPs. Instant end to the end-around problem.
I moved a MX record about a week ago for a domain and I am still seeing about 1000 messages per day still hitting the old IP address and 98% of them are WEIGHT10 +
Goran Jovanovic The LAN Shoppe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Thursday, November 18, 2004 10:32 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Interesting Spamming Technique
Hello, All,
In addition to doing spam filtering for some of our IMail hosting customers we also do Store and Forward filtering for a few domains. In the past day or so I've had complaints from Store and Forward customers about an increase in spam. When I check the headers of the e-mail they are sending to me I don't see any indication that the e-mail was routed through us and NOT picked up as spam. Instead it looks like the mail was delivered directly to their e-mail servers and did the end around our Store and Forward. The thing is I have no idea how the spammer even knew the direct IP addresses of our customers because those don't show up anywhere in their DNS records.
Although I guess they could just be running port scans and checking for responses on port 25 and attempting delivery of spam that way without using DNS lookups. But part of the IMail Store and Forward documentation involves locking down the SMTP server to only accept e-mail of the relaying IP address. I'm 99% sure that we had the customers lock down their incoming e-mail to only accept connections from us but I need to confirm that. In the meantime has anyone noticed an increase in this direct delivery method which basically ignores the current DNS system?
Thanks In Advance, Dan Geiser [EMAIL PROTECTED]
-----------------------------------------------------------------------
Sign up for virus-free and spam-free e-mail with Nexus Technology Group
http://www.nexustechgroup.com/mailscan
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
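The header check described in the thread (does a delivered message show that it came in through the filtering relay, or was it handed straight to the customer's server?), as an added example that is not part of the original messages. The host name, the relay range and the sample messages are constructed (documentation address ranges), and the Received lines are assumed to follow the common "from host (name [ip]) by host" layout; a given mail server's format may differ.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: addresses the store-and-forward relay delivers from (constructed).
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/28")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def receiving_hop_ip(raw_message, own_host):
    """Peer IP recorded in the topmost Received header stamped by own_host.

    Only that header is written by the customer's own server; everything
    below it arrived with the message and can be forged by the sender.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    for received in msg.get_all("Received", []):
        text = " ".join(str(received).split())      # undo header folding
        from_part, sep, by_part = text.partition(" by ")
        if not sep or by_part.split()[0].lower() != own_host.lower():
            continue
        match = BRACKETED_IP.search(from_part)
        return ipaddress.ip_address(match.group(1)) if match else None
    return None

def bypassed_relay(raw_message, own_host):
    """True when the final hop did not come from the relay's addresses."""
    peer = receiving_hop_ip(raw_message, own_host)
    if peer is None:
        return True          # no proof of relay delivery: treat as suspect
    return not any(peer in net for net in RELAY_NETS)

HOST = "mail.customer.example"   # constructed name for the customer's server
VIA_RELAY = (                    # constructed: sender -> relay -> customer
    "Received: from relay1.filter.example (relay1.filter.example [192.0.2.5])\n"
    "\tby mail.customer.example with ESMTP; Thu, 18 Nov 2004 10:00:00 -0500\n"
    "Received: from sender.example (sender.example [203.0.113.9])\n"
    "\tby relay1.filter.example with ESMTP; Thu, 18 Nov 2004 09:59:58 -0500\n"
    "Subject: filtered\n\nbody\n")
DIRECT = (                       # constructed: direct delivery, forged lower hop
    "Received: from unknown (unknown [198.51.100.77])\n"
    "\tby mail.customer.example with SMTP; Thu, 18 Nov 2004 10:05:00 -0500\n"
    "Received: from relay1.filter.example (relay1.filter.example [192.0.2.5])\n"
    "\tby mail.customer.example with ESMTP; Thu, 18 Nov 2004 10:04:00 -0500\n"
    "Subject: end-around\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("via relay", VIA_RELAY), ("direct", DIRECT)):
        print(name, receiving_hop_ip(raw, HOST), bypassed_relay(raw, HOST))
```

A message flagged here on a host whose firewall is supposed to accept port 25 only from the relay is a sign that the lock-down is not actually in effect.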
