On 11/4/2018 3:06 PM, Mik J wrote:
  Thank you Peter for this opinion.

Misc User, these gmail, live, yahoo spams you're talking about are really 
coming from IP addresses that belong to them? Because on my side it seems 
it's not the case.

In my greylist right now I have rosaronald70s...@gmail.com but if I check the 
IP that originated the spam it's from China Unicom Henan province network. I 
check a second one and it's also from that ISP.

On the other hand if spam is coming from gmail, live, outlook we can blame them 
for not filtering out these spams and high volume sent mails.
With google you cannot send mails to more than 500 people within 24h.

On Sunday, 4 November 2018 at 23:49:47 UTC+1, Misc User 
<open...@leviathanresearch.net> wrote:
On 11/4/2018 2:25 PM, Mik J wrote:
   Hello Peter,

Thank you for this article.
Do you know why they, and particularly Microsoft, use very random IPs to send mails?
In that way, they make greylisting not as reliable as it should be. We could 
all use greylisting if google or microsoft would use the same 4 or 5 IPs to 
retry sending the mails.
Google and Microsoft don't help to fight against spam.


In my experience Google and Microsoft are the source of most of my spam.
About 80% of it comes from hijacked gmail, live.com, or outlook.com
accounts.  The rest from yahoo and gmx.com addresses with a sprinkling
of one-off spam domains making up the last percentage points.

Yep, coming from legitimate servers. All the mail I look after goes through a filter that does both a reverse-lookup of the IP address as well as a lookup of the owner for the AS number that that IP belongs to and will flag up any differences (I have a table that it uses to list what domains are owned by what corporate entities assembled from whois lookups against the domain and recording the entity). This also goes into a set of filters to flag email from domains registered within the last 30 days.

I work for an MSSP that does virtual SOC work for a lot of high profile clients where a successful piece of spam has a high chance of a massive return. I've noticed that a lot of spam will cycle through a bunch of different accounts with the accounts never being used twice for the same destination (I presume to avoid wasting time hitting personal spam filters) and will only send a few messages to the same destination domain (probably to avoid company-wide filters). The sending account seems to also only be used to send 100 messages per day before the next account is used (at least this is what I've seen when looking at data across all clients), probably to avoid the mail provider's sending limit.
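
A sketch of the cross-check described in the message above, as an added example that is not the poster's filter. It assumes the comparison is between the entity owning the sender domain, the entity owning the PTR host's domain, and the AS owner. The table rows, entity strings, flag names and sample messages are constructed, and lookup results are passed in rather than resolved live.

```python
from datetime import date

# Constructed table: registrable domain -> owning entity. The post builds its
# table from whois lookups; these rows and entity strings are illustrative.
DOMAIN_OWNER = {
    "gmail.com": "Google", "google.com": "Google",
    "outlook.com": "Microsoft", "live.com": "Microsoft",
}

def registrable(host):
    # Naive last-two-labels reduction (assumption); real code needs the Public Suffix List.
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def check_message(sender_domain, ptr_host, as_owner, registered_on, today, max_age_days=30):
    """Return a list of flags for one message; lookup results are passed in."""
    flags = []
    claimed = DOMAIN_OWNER.get(registrable(sender_domain))
    if claimed is None:
        # Added behaviour (assumption): no table entry means nothing to compare against.
        flags.append("sender-entity-unknown")
    if ptr_host is None:
        flags.append("no-ptr")
    elif claimed and DOMAIN_OWNER.get(registrable(ptr_host)) != claimed:
        flags.append("ptr-owner-mismatch")
    if claimed and as_owner != claimed:
        flags.append("as-owner-mismatch")
    # Domains registered within the last max_age_days are flagged regardless of owner.
    if registered_on and (today - registered_on).days < max_age_days:
        flags.append("new-domain")
    return flags

# Constructed samples: (sender domain, PTR of connecting IP, AS owner, registration date)
TODAY = date(2018, 11, 4)
SAMPLES = {
    "gmail via provider relay": ("gmail.com", "mail-relay.google.com", "Google", date(2000, 1, 1)),
    "gmail sender, foreign ISP": ("gmail.com", None, "China Unicom", date(2000, 1, 1)),
    "one-off spam domain": ("fresh-offers.example", "mx.fresh-offers.example",
                            "Example Hosting", date(2018, 10, 20)),
}

def run_samples():
    return {name: check_message(*fields, today=TODAY) for name, fields in SAMPLES.items()}

if __name__ == "__main__":
    for name, flags in run_samples().items():
        print(f"{name}: {flags or 'clean'}")
```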
