Smaller report this week, all of us want to get the Xmas hats on, and
celebrate the past year.. and for this report, wanted to comment a
little more on the legitimate ESPs, and what we are seeing, rather than
the criminal methods.. And it looks like it is time for a little
housekeeping from some of you..

Of course, a lot of the familiar faces like SendGrid which still doesn't
seem motivated to do much egress checking.. and aside from the really
big guys (Gmail and Microsoft.. not sure how someone can register an
email address as 'fbiauthorities@outlook.com') I think a lot of other
ESPs should not be calling the kettle black, if they have their own
problems.

Looking at which ESPs are leaking the most phishing this time..

* SparkPost
    To: Recipients <[email protected]>
    From: "BRADESCO" <[email protected]>
    Subject: Troque seus pontos em dinheiro
  This week, you lead the pack.. (probably only because much of SendGrid
  now on RBLs)
* ZillowMail
* SalesForce
  Suggest you look at malicious attachments being sent out of your systems.
* Zoho
  Continuing to see far too much traffic to invalid email addresses
* MailGun
  Careful, looks like you are getting more and more abuse, please don't
  try to be SendGrid..
* SocketLabs
  Some of your customers' databases appear stale or suspect, eg square..
  WAY too many invalid email addresses.
* Tucows
  I think in your case, it is probably more compromised accounts, but
  last 24 hours look worse than normal. (Apply some RBLs to your
  authentication systems? ;)
* Cisco
  Not sure if it is cloud filtering, or other services, but reports
  have been spiking of late.
    68.232.139.178 x29
      178.139.232.68.in-addr.arpa.c3s2.iphmx.com,esa3.aegis.c3s2.iphmx.com
    68.232.139.184 x11
      184.139.232.68.in-addr.arpa.c3s2.iphmx.com,esa4.aegis.c3s2.iphmx.com
    68.232.150.62 x21
      62.150.232.68.in-addr.arpa.c3s2.iphmx.com,esa1.aegis.c3s2.iphmx.com
    68.232.150.70 x9
      70.150.232.68.in-addr.arpa.c3s2.iphmx.com,esa2.aegis.c3s2.iphmx.com
* MimeCast
  Improving, not all the way there yet, but a far cry from last year.
* CheetahMail
  A bit all over the place, but some customers seem to always have bad data..
....

Okay, just a quick reminder, we can all do better.. Well, maybe
Twilio/Sendgrid simply don't know how (tongue in cheek), and no one
wants to deal with blacklisted IPs over the holiday.. Your customers
have important messaging to get out.. so take this next week, and see
what you can do to improve things on your end..

Automated systems to detect spam don't stop on the holidays, but your
abuse teams would like a little time off..

Next week, can go back to the regular scheduled programming, and just
call out the bad guys.. Take the above with a grain of salt, some
companies are bigger, some smaller, this is just some observational data
that might help someone somewhere..

-- Michael --
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop