This week saw a comeback of that operator, using new networks.

They have been on our reputation lists for a bit..

Also have detection systems that detect the sending patterns, for this one..

Don't have the actual detection algorithms, but can share them off list if you want.

That 131 range is new from this week, but they have burnt about 20 /24's with that campaign. The .cam is a nice 'indicator', but would not blame the whole TLD, these guys also used a couple of other ones as well.

77.73.131.10        (M)          30   mail.derconmi.cam
   77.73.131.14     (M)           3   mail.glovkie.cam
   77.73.131.18     (M)           1   mail.panalsolk.cam
77.90.154.12        (M)           5   mail.silvsinvv.cam

Could always send you those, (or of course, give you access to our reputation lists ;)

On 2022-05-27 11:01, Anne Mitchell via mailop wrote:
We've started getting a fair amount of spam from .cam domains; in fact they all look the 
same, using the same HTML template with the same body format, but from different .cam 
domain for different 'businesses', so I suspect that one operation is selling "email 
marketing" packages to clients and setting it up for them, especially as they all 
are sending through their own domains, and, let's face it, these sorts of spammers 
usually don't know how to set up their own MX, etc.. rather than spamming through Google 
or Outlook.

They are all coming from:

77.73.131.0/24
185.221.66.0/24

they share:

mnt-routes:     ashitt
mnt-domains:    ashitt
mnt-by:         ashitt

A few sample domains are:

stretchch.cam
inogenosx.cam
securetho.cam
livingcois.cam

I have a body of about 20 now (I'm sure I deleted many more) that are all clearly set up 
by the same entity, for/from different "businesses" using their own domains, so 
it's clearly a spam factory (they are almost certainly including a mailing list with the 
setup). Full samples available upon request.

Anyways, can anyone think of a single reason to *not* block all of .cam?

Or, hey, to not get these IPs listed? ;-)

P.S.  Aaah, a TLD that can be, in quick-glance, mistaken for .com; good 
thinking!

Anne

--
Anne P. Mitchell, Attorney at Law
CEO ISIPP SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus: Mail Abuse Prevention System (MAPS) (now the anti-spam arm of 
TrendMicro)

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
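
An added example, not part of the thread and not either poster's detection system: it groups sender rows by /24 and counts distinct sending domains per network, next to what a blanket .cam rule would match. The first four rows are the ones quoted above; the remaining rows, the last-two-labels domain heuristic and the threshold of three domains are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# (connecting IP, hostname, messages seen). The first four rows are the ones
# quoted in the thread; the last three are constructed for contrast.
SAMPLE = [
    ("77.73.131.10", "mail.derconmi.cam", 30),
    ("77.73.131.14", "mail.glovkie.cam", 3),
    ("77.73.131.18", "mail.panalsolk.cam", 1),
    ("77.90.154.12", "mail.silvsinvv.cam", 5),
    ("192.0.2.25", "mx1.example.org", 40),             # constructed
    ("192.0.2.26", "mx2.example.org", 38),             # constructed
    ("198.51.100.7", "mail.constructed-shop.cam", 2),  # constructed lone .cam sender
]

def registered_domain(host):
    """Last two labels; assumption: good enough for single-label TLDs like .cam."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def cluster_by_net(rows, prefix=24):
    """Per covering network: distinct sending domains, their TLDs, total volume."""
    nets = defaultdict(lambda: {"domains": set(), "tlds": set(), "msgs": 0})
    for ip, host, count in rows:
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        dom = registered_domain(host)
        nets[net]["domains"].add(dom)
        nets[net]["tlds"].add(dom.rsplit(".", 1)[-1])
        nets[net]["msgs"] += count
    return dict(nets)

def suspicious_nets(rows, min_domains=3):
    """Networks where several unrelated domains send from neighbouring IPs."""
    return sorted(net for net, s in cluster_by_net(rows).items()
                  if len(s["domains"]) >= min_domains)

def tld_only_hits(rows, tld="cam"):
    """IPs a blanket TLD rule would match, for comparison."""
    return sorted(ip for ip, host, _ in rows if host.lower().endswith("." + tld))

if __name__ == "__main__":
    for net in suspicious_nets(SAMPLE):
        s = cluster_by_net(SAMPLE)[net]
        print(net, sorted(s["domains"]), "msgs:", s["msgs"])
    print("TLD-only rule matches:", tld_only_hits(SAMPLE))
```

On this sample the network grouping flags only 77.73.131.0/24, while the TLD rule also matches the constructed lone .cam sender; a /24 seen with a single domain, such as 77.90.154.0/24 here, stays below the threshold until more of its senders are observed.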