
Re: spam to bogus users



On Fri, 14 Jul 2006, John Kelly wrote:

k2159jcd003343@isp2dial.com
k1mmcsoa007563@isp2dial.com
k1nardpb001747@isp2dial.com

This is a Joe Job. http://en.wikipedia.org/wiki/Joe_job  A spammer is
using your domain with the random usernames to send spam to other domains.

These likely are the bounce messages from domains that queue SPAM before
rejecting and don't check SPF records.

If these were bounce messages, they should have an IP address of a
real domain.  But they never do.  They're from hosts which lack DNS,
or occasionally a host listed in a dnsbl.  So it seems more likely
they are client hosts infected with spam malware.

I was getting messages like that a [long] while ago. When a message with a userid like that got greylisted, I set up an alias that matched the user so I could see what was being sent. Sure enough, an hour later, I did get the message and it was a bounce message.

I guess they've moved on to another formula or, as mentioned, they're now scraping those from useless posts.

I don't see why you're worried about it when you already don't accept emails
to valid recipients like

jak@isp2dial.com
postmaster@isp2dial.com

Thanks,
Steve


