On Tue, 2024-03-12 at 15:46 -0700, Michael Peddemors via mailop wrote:
> Tobias,
> 
> This does sound like a typical 'mail bomb', and there are even
> services you can rent to mail bomb an enemy..
> 
> Used to only see it in the gamer community, kid stuff.. but it is
> more rare than you think.. sometimes it can go on for several days..

More rare? You mean frequent; What kind of took me by surprise is the
MO described in several reddit/etc. posts, which hints at mailbombing
being used to hide other activity.


> Lots of single sign on mailing lists, and poorly written contact
> forms are abused in a script kiddie style run..
Thing is: A single, badly implemented, contact form is kind of nice;
Big volume, many to the same mbox. Mail quickly dropped for that
sender, person complains online about bad delivery, all good.

However, the volume I saw with my previous rate-limits was around ~10
mails/day getting through. Even now, logging all rate limited requests,
what I see is around four mails an hour for the whole service (or would
be without any limits applied; those mails now just end up never being
sent).

Thing is, it is incredibly hard to limit below the previous rate of
limiting, but there is still an abundance of services on the Internet
that can be motivated to send mails like that.

> Have to look at examples to be sure.. (feel free to share off list)..
What do you mean with examples? I just see target mail addresses
(which, incidentally, Google finds listed with credentials in some
280-page mail:password dump pdf on scribd.com). Btw, if anyone at Google
is interested in getting those streamed, so they can take more effective
action to protect mailboxes, let me know; This is also why I was
wondering whether there is honeypotting going on for this.

> Like I said, a lot more rare than you think, but a pain when it
> happens.
So, from the current logs of 2-4 mails/day, I'd say it happens to at
least 40-80 people a day. ;-)

> 
> On 2024-03-12 11:19, Tobias Fiebig via mailop wrote:
> > Moin,
> > 
> > over the past 2-3 weeks, I saw a slightly more filled queue for
> > email-security-scans.org; A lot of users seemed to start tests, but
> > never received the corresponding test mails; In most cases, the ESP
> > had shut down delivery to these inboxes due to a sudden high volume
> > of inbound messages, with most addresses hosted being under
> > @gmail.com (and some outlook.com/yahoo.com as well).
> > 
> > A bit of digging found several end-user reports of the following MO:
> > 
> > - Get phished
> > - Something expensive is bought
> > - Mailbox is overflown right when the notification of the transaction
> >   comes, likely in a bid to hide the illicit purchase
> > 
> > Naturally, there now have been some 'adjustments' to the service to
> > make sure it no longer contributes to that... and maybe finds some
> > insight into what is happening there... *loglog*
> > 
> > However, I'd be interested in hearing whether I had just missed some
> > very common spam reason here; So:
> > 
> > - Did somebody else stumble over this in the past and/or did I simply
> >   miss this being a thing?
> > - How is this handled for, e.g., all the other tools that allow
> >   generating "a lot" of mail only needing a request (signups in
> >   general, ticket systems, [...])? I never saw something like this (on
> >   my own or others' systems), even when dealing with services equally
> >   easy to motivate into mailsending.
> > 
> > With best regards,
> > Tobias
> > 
> > _______________________________________________
> > mailop mailing list
> > mailop@mailop.org
> > https://list.mailop.org/listinfo/mailop
> 
> 

-- 
Dr.-Ing. Tobias Fiebig
T +31 616 80 98 99
M tob...@fiebig.nl
