Hi all,
Hoping to get out of the office early today, start of the long weekend,
but remember, that's when the 'bad guys' like working.. but wanted to
get an update out before I go...
....
This week, it has still been about the really bad problem over at
SendGrid/Twilio shared senders.. with the way their stock price has been
going, you'd think that they could put a little more resources into outbound
spam detection.
Most of it is 'phishing' with such EASY signs, that it's really hard to
understand why it isn't being stopped.. From friendly names of 'PayPal',
'NetFlix', 'Office VM' (voicemail) etc.. been going on for weeks..
....
Someone at OVH is warming up IP(s) again.. might want to watch for them
this weekend, we have seen this guy's naming patterns before..
Not sure if this is accurate.. wish OVH did more 'rwhois' and SWIP,
given the sorry state of abuse handling..
organisation: ORG-RB118-RIPE
org-name: Rocha Bernardo
org-type: OTHER
address: 199 E. Flagler St #125
address: 33131 Miami
address: US
phone: +1.4159643728
abuse-c: ACRO20358-RIPE
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
created: 2018-11-16T21:09:14Z
last-modified: 2018-11-16T21:09:14Z
....
Still far too much leakage from o365 and Gmail, most of it stuff that is
old hat, things like Nigerian Prince.. Lottery.. even COVID related
scams, for all the attention that was supposed to be on that.
And too much 'selling email lists' and 'seo' and 'increase sales' from
domains that are quite obviously 'shills'.
....
Amazon spammers on AWS, as well as email hacking attempts, continue to
be a problem, fortunately/unfortunately we see more and more RBLs
placing that IP space on their lists. Seems like everyone is getting
more aggressive, not only on Amazon, but Azure and Google cloud as well.
....
Oh, and a chance to blow our own horn for once.. one of our division's
RBLs (SpamRats) has been in existence now since 2007, and while we
haven't been as aggressive in promoting it as some of our competition,
nice to see that our data collection techniques have worked so well over
the years..
Yes, it is only one source, but nice to see 3rd party validation of our
effectiveness (thanks intra2net.com), see attached..
Too bad that there are some 'bad apples' trying to strip mine our data
to call it their own, might be nice if they just contributed/donated
to the efforts instead. And it didn't help that some Russian-based
spammers got p*ssed off, and started attacking our networks.. Yeah, it
costs money to make the world a better place..
Any chance that the email marketing companies with the billions in
revenue might be altruistic and help the little guys? ;)
....
Oh, if anyone wants more honeypot email addresses, seems like someone
is stripping IETF documents for them... not real smart to target spam at
people that know what they are doing ;)
....
While China has done a reportedly good job on stopping COVID, they seem
to really do a lousy job at computer infections.. CutWail infections in
China are back on the rise.. Thankfully, real easy to detect, and should
not bother anyone with even the most basic of spam protection.
....
Scaleway spammers back on the increase after a hiatus for a while..
163.172.149.70 x20 70-149-172-163.rev.cloud.scaleway.com
163.172.152.44 x25 44-152-172-163.rev.cloud.scaleway.com
163.172.153.174 x5 174-153-172-163.rev.cloud.scaleway.com
163.172.153.62 x8 62-153-172-163.rev.cloud.scaleway.com
....
Overall though, new sources are on the decline, albeit we are seeing an
increase from compromised accounts. Nice thing about IPv4 runout,
virgin IP space to spam from is getting scarce..
....
Hope everyone is having a great weekend.. spoil yourselves, today is
National Chocolate Chip Cookie day!
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
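The friendly-name signs mentioned in the message above ('PayPal', 'NetFlix', 'Office VM' arriving through shared senders), as an added example that is not part of the original post: a check that flags a From: header whose display name claims a brand the sending domain does not belong to. The brand-to-domain map, the lure list and the sample headers are assumptions constructed for illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: brand -> domains that brand really mails from (illustrative only).
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "netflix": {"netflix.com"}}
# Assumption: lure names that no outside sender should carry at all.
LURE_NAMES = {"officevm"}


def squash(text):
    """Casefold and keep only letters/digits, so 'Net-Flix ' == 'netflix'."""
    return re.sub(r"[^a-z0-9]", "", text.casefold())


def friendly_name_verdict(from_header):
    """Return ('flag' | 'pass', reason) for one raw From: header value."""
    raw_name, addr = parseaddr(from_header)
    try:  # RFC 2047 encoded-words hide the name from naive string matching
        name = str(make_header(decode_header(raw_name)))
    except (HeaderParseError, UnicodeError, LookupError):
        name = raw_name  # undecodable name: fall back to the raw text
    key, domain = squash(name), addr.rpartition("@")[2].lower()
    if any(lure in key for lure in LURE_NAMES):
        return ("flag", f"lure name {name!r} from {domain}")
    for brand, good in BRAND_DOMAINS.items():
        on_brand = any(domain == d or domain.endswith("." + d) for d in good)
        if brand in key and not on_brand:
            return ("flag", f"{name!r} claims {brand} but mails from {domain}")
    return ("pass", "friendly name consistent with sender domain")


# Constructed sample From: headers (not taken from real traffic).
SAMPLES = [
    "PayPal <bounces+4521@em7731.shared-sender.example>",
    "=?utf-8?B?TmV0RmxpeA==?= <info@billing-update.example>",
    '"Office VM" <voicemail@tenant-notify.example>',
    "PayPal <service@mail.paypal.com>",
    "Alice Example <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(friendly_name_verdict(header), "<-", header)
```

The comparison is ASCII-only after squashing, so a name built from look-alike Unicode letters would need a confusables mapping before this check.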