Unsolicited Email AdvisoryThe inbred miscreants that deluge the Internet with unsolicited email (SPAM) have recently been sending emails that appear to be coming from email@example.com.
Return-Path: <dwtreaclem&treacle.com> Received: (qmail 3220 invoked from network); 26 Jun 2008 23:59:59 -0700 Received: from unknown (HELO ?126.96.36.199?) (188.8.131.52) (1) by rothackeradv.com with SMTP; 26 Jun 2008 23:59:59 -0700 Received: from [184.108.40.206] by mail.treacle.com; Fri, 27 Jun 2008 15:59:59 +0900 (2) Date: Fri, 27 Jun 2008 15:59:59 +0900 From: "Lenore Weber" <firstname.lastname@example.org> (3) X-Mailer: The Bat! (v2.00.8) Educational Reply-To: email@example.com (4)
Undeliverable or rejected emails that are sent to the spoofed return address are typically rejected by the mail server. Four that were accepted were looked at to determine the SPAM source IP address, which are listed below:
220.127.116.11 h83-174-230-70.adsl.ufamts.ru. (Russia) 18.104.22.168 ds-nat-128-162.datasvit.net. (Russia) 22.214.171.124 90.188.10-75.xdsl.ab.ru (Russia) 126.96.36.199 host-217-170-220-40.arctel.ru (Russia)There appears to be large volume of SPAM with a spoofed return address of firstname.lastname@example.org based on the increase in DNS queries and SMTP rejections seen in the server logs. As a result, the firewall drops traffic from a number of netblocks, and the email server will reject email from additional netblocks and known sources of SPAM.