[Dshield] Spam Problem

Brad Spencer brad.madison at mail.tds.net
Mon Jan 12 19:57:19 GMT 2004

At 11:59 AM 1/12/2004 -0500, you wrote:

>Actually, the real answer "None of the above." Well, maybe, kind-of, the 

I understand all you say and I was making an assumption.  I've seen the 
relay test messages from this particular spammer from just two IPs.  The 
first IP was in the Washington, DC area and the second was in the Los 
Angeles, CA area.  It's certainly possible that the spammer was abusing an 
open proxy (or something similar).  I concluded it was the spammer's own IP 
from the constancy of the IP addresses as source.  First the one, time 
after time, and then the other, time after time.  At the same time I 
trapped other relay tests that went to the same dropbox address but which 
hopped around as to source.  That's in accord with what you describe.  I 
don't absolutely know that the fixed IP from which the tests came was the 
spammer's - but that's what I would bet.  Had I succeeded in persuading 
Verizon (both geographical locations) that this was abuse worth tracking 
maybe something would have happened.

Your message prompted me to browse my directory of trapped test 
messages.  Here's a great dropbox address:

rapeyourserver at yahoo.com

Here's another that appeared frequently:

mikebsmith at connectfree.co.UK

Also, this one:

eabgroupcoastal at yahoo.com

Plus some others.  Too bad I no longer collect these: I'd love to see who 
is still testing for open relay.

