On 1/3/2020 11:02 AM, Kris Deugau wrote:
Philip Prindeville wrote:
I’m getting the following Spam.

http://www.redfish-solutions.com/misc/bluechew.eml

Received: from phylobago.mysecuritycamera.org (ec2-34-210-5-63.us-west-2.compute.amazonaws.com [34.210.5.63])

I have a local rule adding a couple of points for anything coming direct-to-MX from any Amazon compute node, period.

I added this on the basis of Amazon's abuse-reporting web form insisting that activity from any given IP may be from many AWS customers over a span of a few minutes.  Legitimate mail servers do not randomly change sending or receiving domains over this timespan, so therefore, Amazon compute nodes should not be sending direct-to-MX, at all, ever.

Reality has intruded and there are in fact static IP assignments in the .compute.amazonaws.com tree (as well as ISP customers of ours who have websites with webforms on AWS, which send mail to their ISP mailbox - or sometimes their domain mailbox that's hosted with us) - otherwise I'd have scored the rule a lot higher.

Expect to see a lot more of these due to
https://github.com/0x4447/0x4447_product_s3_email/blob/master/README.md
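
A SpamAssassin rule of the kind described in the quoted message (a small score for mail handed straight to the MX by an Amazon compute node) could look like the following. This is an added example, not the poster's actual rule: the rule names, the 2.0 score, the `compute-1` variant of the hostname and the exempted address are assumptions, and it relies on `trusted_networks`/`internal_networks` being set so that the first external relay is the host that connected to your MX.

```conf
# Added example (not the rule from the thread). Names, score and the
# exempted address are assumptions chosen for illustration.

# The first entry of the X-Spam-Relays-External pseudo-header is the host
# that connected to our MX; match its reverse DNS against the EC2 tree.
# "compute-1" is included on the assumption that us-east-1 hosts should
# be covered as well.
header   __LOCAL_RCVD_AWS     X-Spam-Relays-External =~ /^\[ ip=\S+ rdns=\S+\.compute(?:-1)?\.amazonaws\.com /i

# Known-good senders on static AWS addresses (for example a customer's
# web form). 192.0.2.10 is a constructed placeholder from the
# documentation address range.
header   __LOCAL_AWS_KNOWN    X-Spam-Relays-External =~ /^\[ ip=192\.0\.2\.10 /

meta     LOCAL_AWS_DIRECT_MX  __LOCAL_RCVD_AWS && !__LOCAL_AWS_KNOWN
describe LOCAL_AWS_DIRECT_MX  Delivered direct-to-MX from an Amazon compute node
score    LOCAL_AWS_DIRECT_MX  2.0
```

Run `spamassassin --lint` after adding local rules to catch syntax errors before they reach production.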


