bizarre fishing expedition of the day
Like everyone else who runs a server connected to a public network, I've got a mailserver that spends approximately 100% of its time rejecting spam and thwarting address-fishing expeditions. Over the last couple of days the address-fishers have been getting very busy, and have been hammering my machine with 3-500 wrong numbers a day. Some of them look like they're just the usual crop of phone-book fishing, but some of them are, um, a little bit stranger:
1 | 200001200102.raa15922@pell.portland.or.us |
1 | 200001200442.uaa17112@pell.portland.or.us |
1 | 3jole@bmla.com |
1 | 41harvey@phayze.com |
1 | 4holly@pell.portland.or.us |
45 | 6edfi2zf993wr5y@cyteen.pell.portland.or.us |
3 | 7kc@pell.pell.portland.or.us |
57 | 7sdmt4ihrxsl5ro@pell.pell.portland.or.us |
1 | alexnolly@pell.portland.or.us |
1 | amdorc@pell.portland.or.us |
1 | atq@pell.pell.portland.or.us |
1 | bobby@pell.portland.or.us |
1 | chris@pell.portland.or.us |
30 | d8wnmikhkysrpw6@pell.portland.or.us |
1 | de-lurkingholly@pell.portland.or.us |
1 | du4@pell.pell.portland.or.us |
1 | fan@pell.pell.portland.or.us |
2 | fifizpw@pell.portland.or.us |
1 | gabriel@pell.portland.or.us |
5 | gerbertcordie@pell.portland.or.us |
3 | griff@pell.portland.or.us |
1 | hoang@pell.portland.or.us |
9 | hvt@pell.pell.portland.or.us |
1 | j49@pell.pell.portland.or.us |
1 | jaap@pell.portland.or.us |
1 | junk@pell.portland.or.us |
1 | kankkunen@pell.portland.or.us |
1 | knq@pell.pell.portland.or.us |
1 | krab@pell.portland.or.us |
30 | law7dk5m4sdbnwp@pell.pell.portland.or.us |
1 | macgyver@pell.portland.or.us |
1 | mimu@pell.portland.or.us |
1 | noreply@pell.portland.or.us |
2 | o49@pell.pell.portland.or.us |
1 | oe7@pell.pell.portland.or.us |
2 | p1u@pell.portland.or.us |
1 | pascal@pell.portland.or.us |
60 | r300nn17hg9k6ps@pell.portland.or.us |
21 | ryan@pell.portland.or.us |
4 | shields@pell.portland.or.us |
2 | trever@pell.portland.or.us |
4 | uhl@pell.portland.or.us |
1 | walhqrer@pell.portland.or.us |
1 | wegner_thomas@pell.portland.or.us |
1 | xxx@pell.portland.or.us |
r300nn17hg9k6ps@pell.portland.or.us? That's not an email address, that's a message-id. And, furthermore, it's not a message-id that any of the mail or news software I use will generate. Have the spammers started to do mix and match domain x username, in the hopes that they'll find the mother lode of macgyver usernames somewhere?
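One way to sort a rejected-recipient tally like the one above by local-part shape, to see how much of the volume comes from message-id-like tokens rather than name guesses. This is an added example, not code from the original post or from the postoffice mail server; the function names, the regular expressions and the length and digit thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Rows copied from the table above, in its "count | recipient |" layout.
SAMPLE = """\
1 | 200001200102.raa15922@pell.portland.or.us |
60 | r300nn17hg9k6ps@pell.portland.or.us |
57 | 7sdmt4ihrxsl5ro@pell.pell.portland.or.us |
21 | ryan@pell.portland.or.us |
1 | macgyver@pell.portland.or.us |
9 | hvt@pell.pell.portland.or.us |
"""

ROW = re.compile(r"^\s*(\d+)\s*\|\s*([^@\s|]+)@([^\s|]+)\s*\|?\s*$")
# Assumed shape: 12-digit timestamp, dot, three letters, five digits.
TIMESTAMP_TOKEN = re.compile(r"^\d{12}\.[a-z]{3}\d{5}$")


def parse_rows(text):
    """Yield (count, local_part, domain) for each well-formed row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), m.group(2).lower(), m.group(3).lower()


def classify(local):
    """Label a local part by shape; thresholds are illustrative guesses."""
    if TIMESTAMP_TOKEN.match(local):
        return "timestamp_token"
    digits = sum(c.isdigit() for c in local)
    letters = sum(c.isalpha() for c in local)
    # Long, purely alphanumeric, and mixing digits with letters.
    if len(local) >= 12 and local.isalnum() and digits >= 2 and letters >= 2:
        return "random_token"
    return "name_like"


def summarize(text):
    """Total rejected attempts per shape category."""
    totals = Counter()
    for count, local, _domain in parse_rows(text):
        totals[classify(local)] += count
    return totals


if __name__ == "__main__":
    for category, attempts in summarize(SAMPLE).most_common():
        print(f"{attempts:5d}  {category}")
```

Weighting by the count column rather than by distinct addresses is what makes the pattern visible: a few token-shaped recipients carry most of the rejected attempts.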
Comments
I guess I’ve been lucky, or that my antispam has been stopping most of the people before they even got into my <a href="http://www.pell.portland.or.us/~orc/Code/postoffice">mail server</a>, because I’ve only started to see the message-id addresses in the last couple of days (and the only reason I’ve noticed them is that the number of WRONG NUMBERs has shot up; normally, I expect to see at worst a dozen repeated attempts as particularly stupid spamware beats against the cargo bay doors, but yesterday, well, you can see the sort of results that come from my syslogs.)
“Started”? I’ve been seeing this sort of thing for over 5 years now. One of the more persistent ones that is still getting spam after all these years is “doxilg.b6p@[mydomain]”.
Another weird thing I see is legitimate email addresses with some other word bunged on the front. I think this might be due to one of those Outlook address book reading viruses that grabbed the email address and some of the descriptive text from in front of it. Or possibly it was defective web crawlers. Examples in yesterday’s pflogsumm log summary include “guestvjrnts@[mydomain]” (vjrnts is the legit part) and “airportptomblin@[mydomain]” (ptomblin is the legit part) and “donutslberlind@[mydomain]” (lberlind is legit).
One thing that I haven’t seen in a while is spam addressed to Gregory Tombline. I used to get a lot of it, and when I googled for his name, the only place I could find it anywhere near my own email address was on a NASA page for a space mission called Stardust where you could sign up to have your name blasted into space in some sort of microchip.