ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] What this?

2003-04-26 18:54:48
from [waltdnes] [Permanent Link] 
On Thu, Apr 24, 2003 at 10:56:05AM +0200, Reinhold Jordan wrote

Hi all,

can anybody tell me, why spammers try to send a mail with a lot
of wrong IPs? I found this in my logfile (receiver-address changed):
 
reject by critical domain from Anna_xxl589746(_at_)web(_dot_)de at [various 
IP addresses] to user(_at_)domain(_dot_)de


  You're not the only one.  Here's a series of attempts from all over
the place...

Mar 30 00:34:27 manson filt-smtpd[31485]: DENYMAIL: 
(qtWhatUgger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[80.181.194.122]: 550 BLOCKED: See 
http://www.monkeys.com/upl/listed-ip-0.cgi?ip=80.181.194.122
Mar 31 00:39:49 manson filt-smtpd[15822]: DENYMAIL: 
(uhkWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[202.155.16.242]: 550 202.155.16/24 is in id, rejected based on geographical 
location
Mar 31 02:36:05 manson filt-smtpd[21611]: DENYMAIL: 
(ifWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[203.191.33.32]: 550 BLOCKED: See 
http://www.monkeys.com/upl/listed-ip-0.cgi?ip=203.191.33.32
Mar 31 02:36:05 manson filt-smtpd[21610]: DENYMAIL: 
(mdWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[203.191.33.32]: 550 BLOCKED: See 
http://www.monkeys.com/upl/listed-ip-0.cgi?ip=203.191.33.32
Mar 31 02:57:06 manson filt-smtpd[22646]: DENYMAIL: 
(ffWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[218.98.164.36]: 550 218.98/16 is in cn, rejected based on geographical location
Mar 31 02:57:12 manson filt-smtpd[22678]: DENYMAIL: 
(mnccWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[203.191.33.32]: 550 BLOCKED: See 
http://www.monkeys.com/upl/listed-ip-0.cgi?ip=203.191.33.32
Mar 31 02:57:12 manson filt-smtpd[22671]: DENYMAIL: 
(niWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[213.107.96.117]: 550 BLOCKED: See 
http://www.monkeys.com/upl/listed-ip-0.cgi?ip=213.107.96.117
Mar 31 02:58:15 manson filt-smtpd[22704]: DENYMAIL: 
(kyWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[193.251.188.17]: 550 193.251/16 is in fr, rejected based on geographical 
location
Mar 31 02:58:15 manson filt-smtpd[22705]: DENYMAIL: 
(psWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[193.251.188.17]: 550 193.251/16 is in fr, rejected based on geographical 
location
Mar 31 03:17:07 manson filt-smtpd[23686]: DENYMAIL: 
(wkscWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[218.184.98.210]: 550 218.184/16 is in tw, rejected based on geographical 
location
Mar 31 03:36:11 manson filt-smtpd[24702]: DENYMAIL: 
(lqWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[202.155.16.242]: 550 202.155.16/24 is in id, rejected based on geographical 
location
Mar 31 03:36:44 manson filt-smtpd[24713]: DENYMAIL: 
(jposWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[202.155.16.242]: 550 202.155.16/24 is in id, rejected based on geographical 
location
Mar 31 03:36:49 manson filt-smtpd[24701]: DENYMAIL: 
(imuiWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[193.251.188.17]: 550 193.251/16 is in fr, rejected based on geographical 
location
Mar 31 03:36:58 manson filt-smtpd[24706]: DENYMAIL: 
(jjWhatUger1(_at_)hotmail(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[193.251.188.17]: 550 193.251/16 is in fr, rejected based on geographical 
location

  Here's my theory.  Well-organized spam-gangs have compromised many
thousands of personal computers all over the world.  They run a central
system somewhere that attempts to spam from one compromised machine, and
if one transmission attempt fails, they try from the next compromised
machine, etc, until they manage to deliver (or run out of compromised
machines).  It's a testament to the effectiveness of various DNSbls that
things have gotten to the point where spammers need to put forth this
much effort to get past some people's filters.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] A New Plan for No Spam / DNSBLS, J C Lawrence
Next by Date:  Re: [Asrg] A New Plan for No Spam / DNSBLS, Steven F Siirila
Previous by Thread:  [Asrg] What this?, Reinhold Jordan
Next by Thread:  RE: [Asrg] What this?, Hallam-Baker, Phillip
Indexes:  [Date] [Thread] [Top] [All Lists]