[Dshield] Big Jump in Open Relay Mailers

Brad Spencer brad.madison at mail.tds.net
Mon Feb 2 18:27:22 GMT 2004


At 10:16 AM 2/2/2004 -0500, you wrote:

>Anyone have any solid information here?


Have you tried making a telnet connection to port 25 on a few of those to 
see what the banner says is the mailer?  How is it you can tell they are 
open relays? - the headers could lie.  How are the IPs distributed by ISP, 
by geographic location?

It could be as simple as a new spammer starting up or an old spammer going 
back to open relays.

If true open relays are being targeted, that makes open relay honeypots a 
strong countermeasure.
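
The banner check suggested in the message above, as an added example that is not part of the original post: it parses SMTP greetings already collected from port 25 (including multi-line "220-" replies) and tallies the mailer each one names. The hint patterns, function names, and sample banners are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Substrings that common MTAs put in their default greeting (assumed list).
# Banners are operator-configurable, so a match is a hint, not proof.
MAILER_HINTS = [
    ("Sendmail", re.compile(r"\bsendmail\b", re.I)),
    ("Postfix", re.compile(r"\bpostfix\b", re.I)),
    ("Exim", re.compile(r"\bexim\b", re.I)),
    ("Microsoft SMTP", re.compile(r"microsoft e?smtp", re.I)),
]
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_greeting(raw):
    """Return (code, text), joining '220-' continuation lines into one string."""
    code, parts = None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError("not an SMTP reply line: %r" % line)
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed mid-greeting")
        code = m.group(1)
        parts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the final line
            break
    if code is None:
        raise ValueError("empty greeting")
    return code, " ".join(parts)

def identify_mailer(raw):
    code, text = parse_greeting(raw)
    if code != "220":  # host answered on port 25 but is not offering service
        return "not-ready(%s)" % code
    for name, pattern in MAILER_HINTS:
        if pattern.search(text):
            return name
    return "unknown"

def tally(banners):
    """Count mailers across a {ip: raw_greeting} mapping."""
    return Counter(identify_mailer(b) for b in banners.values())

# Constructed sample data: documentation-range IPs and made-up banners.
SAMPLE = {
    "192.0.2.10": "220 mail.example.net ESMTP Sendmail 8.12.10; Mon, 2 Feb 2004",
    "192.0.2.11": "220-mx.example.org ESMTP Postfix\r\n220 No unsolicited mail",
    "198.51.100.5": "220 host.example.com Microsoft ESMTP MAIL Service ready",
    "198.51.100.6": "220 gw.example.com ESMTP",
    "203.0.113.9": "554 No SMTP service here",
}
```

A tally dominated by one mailer, or by banners that name none, is the kind of pattern the banner question is meant to surface.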



