Hi! Those are ongoing for over a year. Very high volume and many new domain registrations.
One of the problems we saw recently is that we listed large batches in SURBL and several are no longer in DNS when the campaigns go out due to the quick takedowns. For another part of the set they use older com domains with ‘ok’ reputation and shortly before the sending they move them to Cloudflare.

Can outline a lot about this specific ‘sender’ as we have been closely following them for a long time now. Lots of the same campaign types but the variations are always tiny. Harder to filter unfortunately. They use 20-25 domains a day for this. Parts are aged and parts are brand new…

With kind regards,
Raymond Dijkxhoorn

> On 30 May 2026 at 19:40, John Hardin <[email protected]> wrote:
>
> On Fri, 29 May 2026, Tom Williams via users wrote:
>
>> I have a few samples of these if anyone is interested.
>
> Feel free to send me an archive via private email. The messages ideally need
> to be complete raw messages (all headers intact). If you need to sanitize
> local domain info feel free.
>
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> [email protected] pgpk -a [email protected]
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> Journalism is about covering important stories.
> With a pillow, until they stop moving. -- David Burge
> -----------------------------------------------------------------------
> 7 days until the 82nd anniversary of D-Day
