On 29.06.2016 at 13:14, Olivier wrote:
> Reindl Harald <h.rei...@thelounge.net> writes:
>
>> forget the big ones - just filter them out and look at the small ones where PTR/Sender is from the same domain, connect it to your destination domains which are easy to find out and voila, you have company-to-company relations by looking at the business, a nice start for targeted phishing in the wrong hands
>
> I think I understand what you mean: group the IPs by type of business (through a PTR or a whois), find a valid username in both places and send some phishing. This is made even more complicated by the fact there is no message count, only a list of IPs, so you can only guess how many messages may have been received from a given source. (If I omit the IP of my own domain) what I can see is a large number of IT mailing lists and some .jp (probably spam though); it's not easy to make a business model from that.
i just tried to explain why people may hesitate; spam IPs are a no-brainer
> While possible, it seems a very complicated scenario for a very small amount of data (how many people will send some log?). It's faster to Google all the universities of Thailand, find valid usernames and send the phishing: more data, easier to reproduce/scale up/port to other domains of activity.
hard to say; when i look at my tool-chains for collecting data to write rules over the last 2 years i guess spammers have also grown tool chains - finding valid usernames is one thing

aggregating them with already collected data of outgoing servers for source addresses is easy (just use public mailing list archives like this one with the Received headers) and you have at least a better chance of selecting forged senders when you know their outgoing servers and the targets which get legit mail from there

what is a better forged From header to one of my customers: my email or yours? :-)