Hello.

I would like to report here a spam source that is sending messages to some of 
our users. Interestingly, this source is using forged reverse names for their 
IPs, and they are using many different IPs in what seems to be a snowshoe pattern.

The domains used for their reverse names, PTR records, are “stolen” from other 
public companies, even Microsoft or Google!

Has anyone seen this pattern? Are they trying to steal reputation from these 
domains? Almost all messages received end up in the spam folder, but what worries me 
is that the PTR resolves to the fake hostname, but the hostname doesn’t 
resolve to the IP, logically… and the messages go to the user mailbox in 
Outlook.com.

All messages come from the same source. They all show the same footer, with a 
different company/database name but the same physical address… they belong to the 
same sender company, of course, which appears to be Rodlandsky.

Is there any way to report this? It shouldn’t even be legal, I think.

I’ll post here most of the samples I got from the users’ mailboxes, for your review. As 
you can see, there are lots of IPs pointing to forged hostnames with domains 
that they don’t own.




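The mismatch described in the post (the PTR returns a name, but the name does not resolve back to the IP) is what a forward-confirmed reverse DNS (FCrDNS) check catches. The sketch below is an added example, not part of the original message: it parses "Received: from name(ip)" lines in the form quoted in the post, runs the check, and groups failures by network to surface a snowshoe spread. It assumes the name in each line is the PTR name of the IP in parentheses; the forward answers and the mail.example.org line are constructed so the code runs offline.

```python
import ipaddress
import re
import socket
from collections import Counter

# Tolerates the missing spaces seen in the quoted headers ("fromr81...").
RECEIVED_RE = re.compile(r"Received:\s*from\s*(\S+?)\s*\(([0-9A-Fa-f.:]+)\)")

def parse_received(line):
    """Return (ptr_name, ip) from one 'Received: from name(ip)' line, or None."""
    m = RECEIVED_RE.search(line)
    return (m.group(1).lower(), m.group(2)) if m else None

def system_forward(host):
    """Live A/AAAA lookup through the system resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def fcrdns_ok(ptr_name, ip, forward=system_forward):
    """True only if the PTR name resolves forward to the connecting IP."""
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == want for a in forward(ptr_name))

def failures_by_network(lines, forward=system_forward):
    """Count FCrDNS failures per /24 (IPv4) or /48 (IPv6)."""
    counts = Counter()
    for line in lines:
        parsed = parse_received(line)
        if parsed is None:
            continue
        name, ip = parsed
        if not fcrdns_ok(name, ip, forward):
            prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
            counts[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return counts

# Three lines as quoted in the post, plus one constructed line that passes.
SAMPLE = [
    "Received: fromr81.e-mails.microsoft.com(5.105.205.36)",
    "Received: from mta.e.huntermtn.com(5.105.205.130)",
    "Received: from mail.junglepowered.com(5.105.205.154)",
    "Received: from mail.example.org (192.0.2.10)",
]
# Constructed forward answers (documentation ranges), not real DNS data.
CONSTRUCTED_A = {"mail.example.org": {"192.0.2.10"},
                 "r81.e-mails.microsoft.com": {"203.0.113.5"}}

def constructed_forward(host):
    return CONSTRUCTED_A.get(host, set())
```

Calling failures_by_network(SAMPLE, constructed_forward) uses the constructed answers; omit the second argument to query live DNS instead.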