It's been an awfully quiet week on the mailop list, so thought I would
send this weekly update early, spring is here, and I have new equipment
being delivered to the mountain, and warm days ahead.. so hope to call
it an early week.
But all in all it has been a quieter week in the trenches as well. Good
time to call out some of the smaller problems that are happening as well.
* Overall spam volumes down..
* Bot Traffic is 25% of normal
Even though all the talk is about Emotet spam and OneNote again, we are
still seeing very little of it, but I am sure they will adapt.
Biggest fear this week is the zero day exploits on Outlook, that can
compromise users' email accounts.
Phishing targeting Zimbra servers on the rise again, unfortunate as so
many are government and enterprise customers, and it is #notthathard to
stop.
Snowshoe Spammers tried a new run this week, but still easy to catch,
and coming from loosely controlled networks like ColoCrossing.
See ESPs being used to send Casino spam.. didn't know that was still a
thing.. Which brings me to a pet peeve..
Received: from m231.mxout.mta4.net (HELO m231.mxout.mta4.net)
(67.227.85.231)
Umm.. new name? Geographical Media (C05898875)
ESPs, you know better.. it's a Best Practice.. if you have a domain in
your PTR record, make sure it goes to your company website.
https://mta4.net/ (um, SSL certificate please)
http://epsl1.com/
Anyone else want to point out others?
And to the other baddies, how does Stark Industries keep getting new IP
Space, new block only created 6 days ago, and spamming already.. But the
real malicious stuff on the network is even worse..
Spanish Fake Invoice spam still beating the doors down.. But you know
where that is coming from..
Received: from jcaq11.suportedka.com (HELO jcaq11.suportedka.com) (Dig)
X-Mailer: Airmail (8519)
Yeah, Digital Ocean, calling you out on this.. easy to detect.
And phishing from cheap VPS providers... We know, if you sell VPS's for
under $1, you don't have money for security teams but.. it is #notthathard
Received: from slot0.116buy.com (HELO slot0.116buy.com) (45.86.229.230)
Oh, and these guys don't want to give up..
Received: from e-yun.life (HELO e-yun.life) (89.46.34.22)
Next week, we can get back to slagging the 'Too big to Block' guys,
Gmail and o365 are not getting any better..
.............................
That's all for this week's edition, take the weekend, and get out in the
sun..
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
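The PTR check from the pet peeve above, as an added example that is not part of the original post: it parses Received lines in the shape quoted here, takes the domain from the PTR name and probes that domain's HTTPS site. The function names and the last-two-labels rule for the organisational domain are assumptions.

```python
import ipaddress
import re
import ssl
import urllib.request

# Trace-line shape quoted in the post: from <rdns> (HELO <helo>) (<ip>).
# The first name is taken as the PTR name, as the post does.
RECEIVED_RE = re.compile(
    r"Received:\s+from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\((?P<ip>[^)\s]+)\)")

# The header as quoted in the post, including its line wrap.
SAMPLE = "Received: from m231.mxout.mta4.net (HELO m231.mxout.mta4.net)\n(67.227.85.231)"

def parse_received(line):
    """Return {'rdns', 'helo', 'ip'}, or None when the line is truncated or malformed."""
    m = RECEIVED_RE.search(" ".join(line.split()))  # unfold wrapped headers
    if not m:
        return None
    try:
        ipaddress.ip_address(m.group("ip"))  # rejects a cut-off or non-IP field
    except ValueError:
        return None
    return m.groupdict()

def ptr_domain(hostname):
    """Assumption: the organisational domain is the last two labels.
    Names under suffixes such as co.uk need a Public Suffix List lookup instead."""
    return ".".join(hostname.rstrip(".").lower().split(".")[-2:])

def https_probe(url, timeout=5):
    """True if the URL answers over TLS with a certificate that validates."""
    try:
        ctx = ssl.create_default_context()
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return 200 <= resp.status < 400
    except Exception:  # DNS failure, refused connection, bad certificate, HTTP error
        return False

def check_ptr_website(line, fetch=https_probe):
    """Parse a trace line and report whether the PTR domain serves a website."""
    info = parse_received(line)
    if info is None:
        return None
    info["domain"] = ptr_domain(info["rdns"])
    info["helo_matches_rdns"] = info["helo"].lower() == info["rdns"].lower()
    info["website_ok"] = fetch("https://%s/" % info["domain"])
    return info

if __name__ == "__main__":
    parsed = parse_received(SAMPLE)  # offline: parsing only, no network request
    print(parsed, ptr_domain(parsed["rdns"]))
```

Call `check_ptr_website(line)` with the default `fetch` to run the live HTTPS probe; pass a stub `fetch` to test the parsing offline.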