On 1/3/2020 11:02 AM, Kris Deugau wrote:
Philip Prindeville wrote:
I’m getting the following Spam.
http://www.redfish-solutions.com/misc/bluechew.eml
Received: from phylobago.mysecuritycamera.org
(ec2-34-210-5-63.us-west-2.compute.amazonaws.com [34.210.5.63])
I have a local rule adding a couple of points for anything coming
direct-to-MX from any Amazon compute node, period.
I added this on the basis of Amazon's abuse-reporting web form insisting
that activity from any given IP may be from many AWS customers over a
span of a few minutes. Legitimate mail servers do not randomly change
sending or receiving domains over this timespan, so therefore, Amazon
compute nodes should not be sending direct-to-MX, at all, ever.
Reality has intruded and there are in fact static IP assignments in the
.compute.amazonaws.com tree (as well as ISP customers of ours who have
websites with webforms on AWS, which send mail to their ISP mailbox - or
sometimes their domain mailbox that's hosted with us) - otherwise I'd
have scored the rule a lot higher.
Expect to see a lot more of these due to
https://github.com/0x4447/0x4447_product_s3_email/blob/master/README.md
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
