Hi All,
Once again, an update from the trenches, and what our spam auditors are
seeing...
Last couple of weekends, bot activity took off, mostly LATAM IPs,
brazilian ISP's who still have not blocked off port 25 on their
networks. Hopefully a topic AGAIN at the Lacnic event in Mexico..
Mostly just standard easy to ignore, but the volume is high.
Windows bots..
OVH is once again in the cross hairs, not only because of the hundreds
of VPS's spamming (vps-d6643448.vps.ovh.ca naming convention) but
because more snowshoe spammers. It should be obvious to them that many
of the clients with different names, are really in fact the same guy(s).
Just different variations of the same names, using .co addresses.
More droplets stood up for phishing at large hosting providers.. pretty
obvious stuff, but dangerous.
Chinese Cloud provider spammers still at work, but most of those ranges
are now in RBL's.
More SERVERION (Des Capital) IP space.. how do they keep getting more IP
Space? Cannot more be done? Not only spam and phishing, but many other
types of attacks.
SalesForce has a bunch of 'bad customers', pretty obvious fake domains
related to weight loss, and finances..
Sendgrid STILL keeps sending phishing.. *sigh* lots of IPs
Cisco's Cloud filtering leaking a lot more the last while..
ESP's other than SendGrid leaking more phishing than usual. #itsnotthathard
Too many Government and Enterprise servers with compromised accounts,
probably due to that targeted Zimbra phishing attack over the last few
weeks, but sure wish they would reach out more often.
Have a soft spot for protecting government email servers, but usually it
is simple best practices that would prevent a lot of it. Just out of
the box, is not the way to operate.
As for the rest, looking forward to M#AAWG again, it's been awhile. feel
free to reach out to offlist if you want to meet up.
-- Michael --
PS, Matt (Spamhaus) hope your team is there again, be a nice chance to
say remembrances. And nice of you to offer support for all those Cyren
customers that are affected. I am sure many RBL services will be ready
to jump in for their customers (Talked to the SpamRats team, they are
going to do something similar)
And for those Cyren employees, especially our friends in Ukraine who
already have it rough.. I am sure there will be plenty of companies
ready to take some of them on. If you know any, feel free to have them
connect to me on LinkedIn etc.
Have a great weekend..
I leave you with a "spot check" on which ESP's are being seen the most
on one of our servers.. in order of highest to lowest.. Not judging the
good from the bad ;)
Marketer (Cheetah)
Marketer (SendGrid/Twilio)
Marketer (SalesForce)
Marketer (Vertical Response)
SparkPost
Marketer (Rocket Science, MailChimp)
Amazon SES
MailGun (on Rackspace)
Marketer (HubSpot)
Marketer (Marketo aka Epsilon)
Marketer (Salsa Labs)
Marketer (Oracle Bronto)
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
