For what it's worth, I haven't seen anything in the security literature
about spammers operating that way.

Any chance that the affected organizations had, at some time, addresses of
the form:

        [EMAIL PROTECTED]

which isn't uncommon?  I've seen at least one private company that
advertised their addresses as [EMAIL PROTECTED] but their reply-to: was
[EMAIL PROTECTED] so they received spam at both.

Anecdotally, I can also relate that I've seen torrents of SMTP traffic aimed
at a dynamic IP; I presumed that the previous owner had an open mail relay
there.

Andrew 8)

-----Original Message-----
From: Matt [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 23, 2004 6:12 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spammers bypassing gateways?


I've been wondering about the possibility and I think that I'm seeing 
proof of this now.  With gateway spam blocking services becoming more 
common, are spammers (zombie-types) now starting to attempt direct 
connections to mail.domain.tld instead of relying on MX records?

I've been advising new clients to avoid standard names such as mail and 
smtp for their mail servers due to the possibility of this happening.  
Twice now I have done switches though with servers named mail.domain.tld 
that continued to be spammed directly for weeks after the MX change 
took place.  The only other possibility that I can think of is that some 
spamware is caching the IPs or MX records.

Has anyone else seen this?

Thanks,

Matt

-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
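
Added example (not part of the original thread, and not Declude's code): one way to test the two explanations raised above is to split post-cutover connections that did not come from the gateway into those seen while the old MX record could still be cached and those seen after its TTL expired. The log format, gateway range, cutover time and TTL are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

GATEWAY_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # assumed gateway range
MX_CUTOVER = datetime(2004, 3, 1, 0, 0, 0)             # assumed cutover time
OLD_MX_TTL = timedelta(hours=24)                       # assumed TTL of old MX

# Constructed sample of the backend server's connection log (hypothetical format).
SAMPLE_LOG = """\
2004-03-01 06:00:00 connect from 198.51.100.7
2004-03-01 09:30:00 connect from 192.0.2.5
2004-03-03 02:11:09 connect from 203.0.113.45
2004-03-03 02:12:40 connect from 203.0.113.45
2004-03-15 13:13:02 connect from 203.0.113.99
2004-03-15 13:13:30 connect from 192.0.2.6
2004-03-15 13:14:00 line without an address
2004-03-15 13:14:10 connect from 999.1.1.1
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) connect from (\S+)$")

def classify(log_text, nets=GATEWAY_NETS, cutover=MX_CUTOVER, ttl=OLD_MX_TTL):
    """Return (within_ttl, past_ttl): per-IP counts of non-gateway connections
    seen after the cutover, split by whether the old MX TTL had expired."""
    within_ttl, past_ttl = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a connection record
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if when < cutover or any(ip in net for net in nets):
            continue  # before the switch, or relayed by the gateway
        (within_ttl if when - cutover <= ttl else past_ttl)[str(ip)] += 1
    return within_ttl, past_ttl

if __name__ == "__main__":
    within, past = classify(SAMPLE_LOG)
    print("explainable by DNS caching:", dict(within))
    print("past TTL (stale cache or host name used directly):", dict(past))
```

Sources in the second group are the ones the thread is asking about; restricting port 25 on the backend server to the gateway's addresses stops both groups.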