On Tue, Mar 24, 2020 at 11:27 AM Atro Tossavainen via mailop <mailop@mailop.org> wrote: > > On Tue, Mar 24, 2020 at 10:58:14AM -0500, Al Iverson via mailop wrote: > > I'm not understanding how this intersects with spamtraps. What does > > this alert actually notify a network owner of? > > Failed SMTP auth attempt from my IP space? > > Or a failed SMTP auth attempt from someplace else TO my IP space? > > Or door #3? > > Failed SMTP auth attempt to somewhere controlled by Abusix, using > credentials "apparently at" domains that are not served by any > reasonable stretch of imagination by the Abusix hosts involved. > > Door #3. It has nothing to do with your IP space, and it only has > to do with bots pulling domains that belong to you to use here > out of their ...I meant to say thin air, of course. > > To me, that constitutes pure noise with no signal.
Somebody forged your domain in SMTP auth/relay attempts over here? Oh boy, I'd say that's basically a new form of blowback. Ask Atro and Chris-- I don't always agree with them and I'm not one to jump on a bandwagon-- but when they both tell you what you're doing is clown shoes, you really ought to put it on pause and look down and see what you've got on your feet. In this case, they are 100% right. These are not useful notifications. If somebody finds these valuable, develop an opt-in mechanism for sending them. Like for DMARC reports. Regards, Al Iverson -- al iverson // wombatmail // chicago dns tools are cool! https://xnnd.com _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop