No problem.. end of thread.

In this case, it was reported due to a couple of factors..

* Relevant to previous thread about ESP's checking for obvious risk factors (EnvelopeFrom vs From domains)
* Reminder to ESPs to use IP space that is properly SWIP'ed (contact info)
* A particularly severe threat..
  (A lot faster than traditional abuse reporting methods)
* Not sure that ESPs are on those message abuse focused lists ;)



On 18-05-09 11:19 AM, Steve Atkins wrote:
It is never spam discussion day on MailOp, unless it's operationally relevant 
to email. If it's not, like this, maybe take it to the spam or messaging abuse 
focused lists, some of which I'm sure you're on or reach out to the relevant 
company directly?

Cheers,
   Steve

On May 9, 2018, at 11:09 AM, Michael Peddemors <[email protected]> wrote:

Return-Path: <[email protected]>
Received: from mta65a.sparkpostmail.com (HELO mta65a.sparkpostmail.com) 
(54.244.48.142)
Subject: Confirm your payment method !
From: =?utf-8?B?TtCV0KJGTEnQpQ==?= <[email protected]>
List-Id: <spc-218000-0>

Fake Netflix Account renewal spam, probably a Ransomware or Phishing..

Same issue as MailGun, when the EnvelopeFrom domain is not the same as the 
From, do stronger validation..

PS, big pet peeve with SparkPost and other ESPs on Amazon..
Ensure that you use 'rwhois' and/or 'SWIP' for the ranges you operate..

This range does have it.. (good to see, but looks like more recent don't use 
SWIP)

NetRange:       54.244.48.128 - 54.244.48.159
CIDR:           54.244.48.128/27
NetName:        AWS-MESSAGE-SYSTEMS
NetHandle:      NET-54-244-48-128-1
Parent:         AMAZO-ZPDX2 (NET-54-244-0-0-1)
NetType:        Reassigned
OriginAS:       AS16509
Customer:       Message Systems (C05875656)

However, MUCH of the IP(s) in use do NOT have SWIP..

52.39.182.205
52.39.183.14
52.35.124.222
.. hundreds of listings..


--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
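
The check suggested in the thread above (compare the EnvelopeFrom domain with the From domain and validate harder on a mismatch), sketched as an added example that is not part of the original messages or any ESP's code. Assumptions: the addresses are constructed placeholders because the thread redacts the real ones, the function names are hypothetical, domain alignment is simplified to exact or subdomain match, and the mixed-script display-name test is just one possible form of "stronger validation".

```python
import unicodedata
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample. The addresses are placeholders (the thread redacts the
# real ones); Subject, List-Id and the encoded display name are as quoted.
SAMPLE = (
    "Return-Path: <bounce@esp-bounces.example>\n"
    "Subject: Confirm your payment method !\n"
    "From: =?utf-8?B?TtCV0KJGTEnQpQ==?= <billing@sender.example>\n"
    "List-Id: <spc-218000-0>\n"
    "\n"
    "body\n"
)

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower().rstrip(".") if "@" in addr else ""

def aligned(a, b):
    # Simplification (assumption): same domain or one a subdomain of the other.
    # A production check would compare organizational domains.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def scripts_in(text):
    # First word of each letter's Unicode name is its script: LATIN, CYRILLIC...
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def risk_factors(raw):
    msg = message_from_string(raw)
    env_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    raw_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    findings = []
    if env_dom and from_dom and not aligned(env_dom, from_dom):
        findings.append("envelope/from domain mismatch")
        # "Stronger validation" here is one assumed check: decode the RFC 2047
        # display name and flag a mix of scripts (look-alike letters).
        display = str(make_header(decode_header(raw_name)))
        scripts = scripts_in(display)
        if len(scripts) > 1:
            findings.append("mixed-script display name: " + "+".join(sorted(scripts)))
    return findings

if __name__ == "__main__":
    for finding in risk_factors(SAMPLE):
        print(finding)
```
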