Re: spam to bogus users
On Fri, 14 Jul 2006 09:01:01 -0700 (PDT), Steve Redlich
<steve@redlicheng.com> wrote:
>> I get mail delivery attempts to non-existent users like:
>> k2159jcd003343@isp2dial.com
>> k1mmcsoa007563@isp2dial.com
>> k1nardpb001747@isp2dial.com
>This is a Joe Job. http://en.wikipedia.org/wiki/Joe_job A spammer is
>using your domain with the random usernames to send spam to other domains.
>These likely are the bounce messages from domains that queue SPAM before
>rejecting and don't check SPF records.

<k2159jcd003343@isp2dial.com>... Mail from unknown host
[221.225.87.212] delivery refused
<k1mmrlps007599@isp2dial.com>... Mail from unknown host
[218.63.92.165] delivery refused
<k1nardpb001747@isp2dial.com>... Mail from unknown host
[218.63.92.165] delivery refused

If these were bounce messages, they should have an IP address of a
real domain. But they never do. They're from hosts which lack DNS,
or occasionally a host listed in a dnsbl. So it seems more likely
they are client hosts infected with spam malware.

It would make sense if it was a joe job, because otherwise, I see no
point to it. But how can it be a joe job, since they are not bounces
from real domains?
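
To look at a whole log rather than three entries, the refusals quoted above can be grouped by connecting IP to see which sources try several nonexistent recipients. This is an added example, not part of the original post; the entry format is taken from the three refusals quoted in the post, and the function names and the `known_users` set are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The three refusals quoted in the post; each entry wraps across two lines.
SAMPLE_LOG = """\
<k2159jcd003343@isp2dial.com>... Mail from unknown host
[221.225.87.212] delivery refused
<k1mmrlps007599@isp2dial.com>... Mail from unknown host
[218.63.92.165] delivery refused
<k1nardpb001747@isp2dial.com>... Mail from unknown host
[218.63.92.165] delivery refused
"""

# \s+ also matches the line break, so a wrapped entry parses as one record.
REFUSAL = re.compile(
    r"<(?P<rcpt>[^<>\s@]+@[^<>\s@]+)>\.\.\.\s+Mail from unknown host\s+"
    r"\[(?P<ip>[0-9.]+)\]\s+delivery refused"
)

def parse_refusals(text):
    """Return (recipient, ip) pairs for every well-formed refusal entry."""
    out = []
    for m in REFUSAL.finditer(text):
        try:
            ip = str(ipaddress.IPv4Address(m.group("ip")))
        except ipaddress.AddressValueError:
            continue  # bracketed value is not a valid IPv4 address
        out.append((m.group("rcpt").lower(), ip))
    return out

def bogus_by_source(refusals, known_users):
    """Map each connecting IP to the sorted nonexistent recipients it tried."""
    hits = defaultdict(set)
    for rcpt, ip in refusals:
        if rcpt.split("@", 1)[0] not in known_users:
            hits[ip].add(rcpt)
    return {ip: sorted(rcpts) for ip, rcpts in hits.items()}

def repeat_sources(by_source, threshold=2):
    """IPs that tried at least `threshold` distinct nonexistent recipients."""
    return sorted(ip for ip, r in by_source.items() if len(r) >= threshold)

if __name__ == "__main__":
    known = {"postmaster", "abuse"}  # hypothetical list of real local parts
    grouped = bogus_by_source(parse_refusals(SAMPLE_LOG), known)
    for ip, rcpts in sorted(grouped.items()):
        print(ip, len(rcpts), ", ".join(rcpts))
    print("repeat sources:", repeat_sources(grouped))
```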