spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Constant .info domain spam

Constant .info domain spam

From: Julian Yap <julianokyap_at_nospam>
Date: Tue Oct 12 2010 - 20:32:39 GMT
To: users@spamassassin.apache.org

NOTE: I changed the domains below to 'dot info' as the mailing list
rejected my initial submission.

I'm pretty sure it's not just me but there is some constant spamming
from dot info domains. Perhaps for the past 2 months or so.

Often they send hundreds per day and consistently from the same IP's.

Are people using automated IP blacklists or something like that?

Some examples, today I am being bombed by:
laura_hurtbis817@treebluff dot info - 217.23.6.209
Go.Longer.902@peterosey dot info - 204.45.150.196
Alert.911@woodghost dot info - 64.32.6.4
Bankruptcy.Updates@bestetroqu dot info - 173.234.224.131
nick@maracaoonline dot info - 184.107.29.11
lisa@feeloffers dot info - 72.55.165.139
Beth@briesie dot info - 67.159.50.131
claudia_lauffe@redpinesales dot info - 174.37.134.225

The HELO is usally something like:
uri225.redpinesales dot info
rjwi4.woodghost dot info
lvhi11.maracaoonline dot info
esi139.feeloffers dot info
yyi131.bestetroqu dot info

So I'm thinking it's the same spammer/spam network/spam program you
buy off the shelf.

Any thoughts on combating this onslaught?

- Julian