On Mon, May 26, 2025 at 08:08:56PM -0400, J Doe via mailop wrote: > I operate a small mail server for a non-profit organization. Over the last > two weeks or so, I have observed servers connecting and attempting to > deliver to non-existent addresses. > > Ordinarily it's pretty easy to figure out what's going on ... they are > approximations of accounts such as: first-initial-last-name@domain, which I > am assuming are e-mail list validation services or possibly people > attempting to deliver to a mistyped account name, but now I am seeing > delivery attempts for a seemingly random list of alphanumeric characters - > for example, something like: s8d2x1@domain. > > Does anyone see deliver attempts like this ? No "ordinary" human account > would be a string of alphanumeric characters and while this might be a list > verification service with a bug, there seems to be a fair number of > attempts. > > What could this be ?
From the desciption I think you are mainly seeing the effect of one or more spam campaigns choosing to use your domain(s) as the base for fake sender/return addresses for their runs. The actual messages could be anything, but we occasionally see here oddities like what could plausibly be personal names in a specific nationality, which could possibly be part of targeted phishing campaigns. Anyway, for reasons we started using those fake addresses originally extracted from log entries for apparent bounce messages as spamtraps, see eg https://nxdomain.no/~peter/traplist.shtml and links therein. You *could* choose to just ignore the noise, but if that is for some reason or other not an attractive option, harvesting the fake addresses for greytrapping might not be the worst decision to make. All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
