I can confirm this. They are using 10+ random names for email at the known
ISP domains, with more than one name like that used. Very similar attempts
happen from both blackholed IP blocks and from other IP blocks. I've so far
found two of these correlations in the logs and it's not easy to notice it.
This is yet another technique spammers use to prepare for mass mailing
when they have multiple servers and want maximum effectiveness.

On Wed, 25 Jun 2003, Kee Hinckley wrote:

On another mailing list (still waiting for permission to quote),
someone running an ISP made the following claim.

He says that if he sets up his mail server to blackhole spam instead
of bounce it, the spammer shortly shifts to a different IP address
with slightly different text. He claims they are seeding the spam
with known bad addresses, and if they don't get back a failed status
from the SMTP server, they know that their spam is getting trapped by
filters.

I don't have any idea what methodology he's using, and without a good
control group to compare with this could be just a case of seeing
lots of spam. However conceptually it makes sense. It's the inverse
of checking for bounces on valid addresses, and it would allow a
spammer to fine-tune their message to get through filters.

Can anyone confirm this?

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
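
The log correlation mentioned in the reply above (the same nonexistent recipients tried from more than one IP block) can be automated. The following is an added example, not part of the original thread; the log line layout, the `exists=` field, the /24 grouping and all sample values are constructed assumptions, not any real MTA's format.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample records: source IP, RCPT address, whether the mailbox exists.
SAMPLE_LOG = """\
192.0.2.10 rcpt=qzxvkp@isp.example exists=no
192.0.2.10 rcpt=alice@isp.example exists=yes
192.0.2.77 rcpt=mmrtwq@isp.example exists=no
198.51.100.5 rcpt=qzxvkp@isp.example exists=no
198.51.100.9 rcpt=MMRTWQ@isp.example exists=no
203.0.113.8 rcpt=bobb@isp.example exists=no
203.0.113.8 rcpt=alice@isp.example exists=yes
not-an-ip rcpt=zzzz@isp.example exists=no
"""

def unknown_rcpt_sources(log, prefix=24):
    """Map each nonexistent recipient to the set of source blocks that tried it."""
    seen = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if (len(parts) != 3 or parts[2] != "exists=no"
                or not parts[1].startswith("rcpt=")):
            continue  # malformed line, or a delivery to a real mailbox
        try:
            block = ipaddress.ip_network(f"{parts[0]}/{prefix}", strict=False)
        except ValueError:
            continue  # source field is not a valid IP address
        seen[parts[1][5:].lower()].add(str(block))
    return seen

def linked_blocks(log, min_shared=2):
    """Pairs of source blocks that tried the same nonexistent recipients.

    A single shared bad address can be a stale list entry; requiring
    min_shared of them matches the "more than one name" observation.
    """
    shared = defaultdict(set)
    for rcpt, blocks in unknown_rcpt_sources(log).items():
        for pair in combinations(sorted(blocks), 2):
            shared[pair].add(rcpt)
    return {p: sorted(r) for p, r in shared.items() if len(r) >= min_shared}

if __name__ == "__main__":
    for (a, b), rcpts in linked_blocks(SAMPLE_LOG).items():
        print(f"{a} and {b} share {len(rcpts)} unknown recipients: {rcpts}")
```

A block pair reported here is a lead for manual review, not proof of a common sender, since two unrelated senders can hold the same stale address list.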