I have been seeing a LOT of this type of spam lately, where the IP addresses are obviously spoofed, and the spammer is sending spam from a specific /24 address space, incrementing the address by one each time. For instance:
Jul-20-20 01:40:20 [Extreme] 92.242.186.14 <pur...@highlightfever.co @> spam reason: (score for 92.242.186.14 is 231, surpassing extreme level of 200) [Dead Simple Trick Brings ANY Battery Back To Life] Jul-20-20 02:31:16 [Extreme] 92.242.186.15 <th...@operationball.co @> spam reason: (score for 92.242.186.15 is 211, surpassing extreme level of 200) [Drink 2 a day to Shred 20lb Of Nasty Fat Shark Tank] Jul-20-20 03:12:17 [Extreme] 92.242.186.16 <sp...@baseballmile.co @> spam reason: (score for 92.242.186.16 is 296, surpassing extreme level of 200) [Diabetes reversed by Stainless Steel] Jul-20-20 04:48:44 [Extreme] 92.242.186.18 <ca...@tortureadd.co @> spam reason: (score for 92.242.186.18 is 276, surpassing extreme level of 200) [From flaccid to rock hard in 45 seconds] Jul-20-20 05:20:45 [Extreme] 92.242.186.19 <to...@coldtroop.co @> spam reason: (score for 92.242.186.19 is 266, surpassing extreme level of 200) [1 WORST Food for High Blood Pressure] I'd love to see ASSP identify this kind of behavior and after seeing several spam emails coming in from a block of IPs like this, automatically just block that /24 address space entirely. _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
