Thanks, Paul. The #1 spam I'm seeing right now has the subject line "Subject: Why Internet was born?"; the domains from the URLs appear to be listed in Spamhaus DBL. Obviously a different batch. Andy Andrew Fried andrew.fried@gmail.com On 4/13/14, 3:59 AM, Paul Thornton wrote:
On 13/04/2014 08:10, Andrew Fried wrote:
Any chance you could provide a *clue* as to what you're seeing, eg message subject, from, etc???
The subjects seem to vary; but appear to involve animals, sex and cute women in various orders (apologies to anyone offended by that).
Content is a one-liner link to porn sites.
I agree with the RIPE DB scrape - the From: line on one of these is
From: "Registry ripenotify" <info@audiovisualcs.com> and the CC line contains our notify: E-mail (plus a load more of this junk to noc|peering|named contacts).
These seem to be botted machines sending mails 'legitimately' ie: headers appear to show that the first hop was relayed out through a normal route rather than just port 25 spray. Some are even kindly pre-marked as spam.
We've had >250 turn up since 23:34 UTC yesterday (12 April). Appears to have slowed/stopped around 05:00 UTC today (13 April).
Paul.