Am 27.05.22 um 21:38 schrieb Michael Rathbun via mailop:
Here are the domains this gang has used in the last seven days:
If you look up the MX records for these domains, you see a certain clustering around one provider. The IP addresses that I checked don't accept port 25 connections at this time, but probably they did when the spam run was active.
Whether blocking a whole ASN is more advisable than blocking a whole TLD is a matter of opinion - I've often seen that past spammer hosting in an ASN's IP space was a good predictor for future spamminess, but of course as with TLDs you will always have some legitimate servers in the mix...
Cheers, Hans-Martin _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop