[mailop] Spam from Google Work Space sender domain via Google IP(s)

2021-04-27 Thread vsai--- via mailop
Hi, I've been receiving spam and phishing scams from Google IP(s). All these messages have the sender domains associated either with Godaddy or with Google work space. Some of the sample sender domains are listed below: ** craigmaldonado.monster kepinbujang35.on

Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Noel Butler via mailop
On 28/04/2021 01:31, Rob McEwen via mailop wrote: (1) sent from legit Google mail servers (2) the spammer's "payload URL" in the body of the message - is content is hosted at storage[.]googleapis[.]com servers (3) Those links are staying "live" for many days (possibly weeks/months?) This

Re: [mailop] [EXTERNAL] Re: [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Rob McEwen via mailop
On 4/27/2021 1:40 PM, Michael Peddemors via mailop wrote: what suggestions does the list have as far as another data point in these messages, and I can pass it along to the team/researchers THIS regular expression! *\bhttps:\/\/storage\.googleapis\.com\/[a-z0-9]{2,15}\/[a-z0-9]{2,15}\.html\b*

Re: [mailop] [EXTERNAL] Re: [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Michael Peddemors via mailop
hehehe.. assume you are directing that to the Google outbound spam filtering team ;) But need to recognize it in a way that it isn't a whack a mole approach.. eg, chasing tenant ID's.. Valuable contribution none the less.. Need to be able to see a pattern that can automatically mark a tenant

Re: [mailop] [EXTERNAL] Re: [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Michael Wise via mailop
Look at the next thing after the first / to get the Google tenant ID. Typically that first subdirectory is common to a whole lot of this spam. Some examples... dsgdfdf signaturesatori svg02 bioun assi98sd8a Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your S

Re: [mailop] Best practices for outbound rate limiting?

2021-04-27 Thread L. Mark Stone via mailop
You may also want to restrict users from composing a single email with a large number of recipients. The Postfix default is 2,000, controlled by e.g.: postconf -e smtpd_recipient_limit=19 postconf -e smtpd_recipient_overshoot_limit=1 which would limit users to composing single email messages wi

[mailop] Best practices for outbound rate limiting?

2021-04-27 Thread missytake via mailop
Hi, we have a small semi-open-registration mail server (not systemli.org, in case you are wondering) and we would like to learn more about best practices for rate limiting outgoing mail. We are using postfix. We don't want to restrict our users too much, but obviously we also care about not burde

Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Michael Peddemors via mailop
On 2021-04-27 8:32 a.m., Hans-Martin Mosner via mailop wrote: On 27.04.21 at 17:00, Michael Peddemors via mailop wrote: Well, in better news, I get my vaccine shot tomorrow ;) Great! Haven't posted one of these in a while, but last couple of weeks has spam auditors very busy.. * Huge amoun

Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Michael Peddemors via mailop
On 2021-04-27 8:31 a.m., Rob McEwen via mailop wrote: On 4/27/2021 11:00 AM, Michael Peddemors via mailop wrote: New Google Groups style spam outbreak.. Many of them (or all of them?) are doing the following: (1) sent from legit Google mail servers (2) the spammer's "payload URL" in the bod

Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Rob McEwen via mailop
On 4/27/2021 11:00 AM, Michael Peddemors via mailop wrote: New Google Groups style spam outbreak.. Many of them (or all of them?) are doing the following: (1) sent from legit Google mail servers (2) the spammer's "payload URL" in the body of the message - is content is hosted at *storage[.]

Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Hans-Martin Mosner via mailop
On 27.04.21 at 17:00, Michael Peddemors via mailop wrote: > Well, in better news, I get my vaccine shot tomorrow ;) Great! > > Haven't posted one of these in a while, but last couple of weeks has spam > auditors very busy.. > > * Huge amounts of reports from Azure IP(s), Hit and Run > > (If you a

[mailop] [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Michael Peddemors via mailop
Well, in better news, I get my vaccine shot tomorrow ;) Haven't posted one of these in a while, but last couple of weeks has spam auditors very busy.. * Huge amounts of reports from Azure IP(s), Hit and Run (If you are seeing the same, and frustrated, reach out, we can post one days report,