In the 500+ recent hits in my traps from AWS, I don't actually have anything like this showing up. Perhaps because I'm only capturing full emails, not just noting SMTP activity. But if you google the domain and these IPs you can see it's not necessarily new traffic--there are examples of people asking about nearly identical traffic back in 2019.
Cheers, Al Iverson On Thu, Aug 26, 2021 at 4:02 PM Jarland Donnell via mailop <[email protected]> wrote: > > I haven't seen that but I do have recent activity from that IP, > examples: > > lucy.mxrouting.net: 2021-08-26 09:38:25 > H=ec2-18-215-245-250.compute-1.amazonaws.com (cluster-3.mogonodo.com) > [18.215.245.250] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no > F=<[email protected]> rejected RCPT > > safari.mxrouting.net: 2021-08-24 14:18:42 > H=ec2-18-215-245-250.compute-1.amazonaws.com (cluster-3.mogonodo.com) > [18.215.245.250] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no > F=<[email protected]> rejected RCPT > > The recipients they're trying to send to look like randomly generated > strings @ a few user domains. Makes me wonder what this is: > http://mogonodo.com/ > > On 2021-08-26 13:45, Mary via mailop wrote: > > We've noticed an increase of email scans from AWS IP addresses, they > > seem to be testing for variations of the same email: > > > > ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 > > <foo-bar@domain> > > ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 > > <foobar@domain> > > ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 > > <foo@domain> > > ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 > > <fb@domain> > > ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 > > <foo.bar@domain> > > ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 > > <foo_bar@domain> > > ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 > > <foo.b@domain> > > ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 > > <bar@domain> > > ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 > > <f-b@domain> > > ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 > > <bar-foo@domain> > > > > Anyone seen this before? > > > > _______________________________________________ > > mailop mailing list > > [email protected] > > https://list.mailop.org/listinfo/mailop > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop -- Al Iverson // Wombatmail // Chicago Deliverability: https://spamresource.com DNS Tools: https://xnnd.com _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
