Has anyone else been seeing a lot of email over the past few months, with
sender addresses generally in the format "[EMAIL PROTECTED]", where
"aaa" is generally a 3 to 7-character string of random letters, and
"bbbbbbb-ccccccc" are basically random, unrelated dictionary words? Some
examples would be:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
I also see variants of the theme, in which the domain is still comprised of
two apparantly random, unrelated dictionary terms, but lacking the hyphen.
My greylisting is blocking these, but only after the DATA phase, after
expensive SA overhead. Has anyone tried or found any clever ways to help
detect these, before the DATA phase? DNS shows that in most cases, the name
servers for most of these contain the word "marketing" somewhere in them,
but I'm curious to see what ideas people have considered, tried, or
implemented.
Ken
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
