Wednesday, April 28, 2004

Been hit by a few of these recently - spammers pretty much brute-forcing my mailbox. Got about 100 of these (indeed, it may have been 100, indicating a script loop?) in very close succession, all to a different set of addresses at my domain:


Received: from d14-69-155-223.try.wideopenwest.com (d14-69-155-223.try.wideopenwest.com [69.14.223.155])
    by saturn.web-hosting.com (8.11.1/8.11.1) with SMTP id i3S7Zpj22504;
    Wed, 28 Apr 2004 03:35:52 -0400 (EDT)
Received: from 177.249.80.199 by 69.14.223.155; Wed, 28 Apr 2004 05:32:57 -0400
Message-ID: WCKTAVFCACRNKBGAGJMRT@example.com
From: "Paulette Rangel" snadam@example.com
Reply-To: "Paulette Rangel" snadam@example.com
To: sheffield@example.net
Cc: sheridan@example.net, shoemaker@example.net, shook@example.net,
    siegel@example.net, silver@example.net, simms@example.net,
    simons@example.net, sinclair@example.net
Subject: (no subject)
Date: Wed, 28 Apr 2004 07:29:57 -0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="--608013925959783"
X-IP: 228.248.160.106
X-Priority: 3


- anything not to my main address, and a few others, gets through to me, including this "new" spam, which means that my spam filtering rules need to be updated somehow. I'm thinking of checking the To: and CC: fields for more than 2 non-main addresses, and /dev/nulling it if that's the case, but I could throw in a check for a URL in the body too, I guess. Doesn't prevent them from sending each one individually though.
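
The recipient-count rule described above, as an added Python example (not the author's actual filter). The domain, the main-address list and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumptions, not from the post: the protected domain and the real mailboxes.
MY_DOMAIN = "example.net"
MAIN_ADDRESSES = {"me@example.net"}
MAX_UNKNOWN = 2  # the post's threshold: more than 2 non-main addresses


def unknown_recipients(raw_message):
    """Return To:/Cc: addresses at MY_DOMAIN that are not known mailboxes."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    unknown = set()
    for _name, addr in getaddresses(fields):
        addr = addr.strip().lower()
        if addr.endswith("@" + MY_DOMAIN) and addr not in MAIN_ADDRESSES:
            unknown.add(addr)
    return sorted(unknown)


def should_discard(raw_message):
    """True when the message lists more guessed local addresses than allowed."""
    return len(unknown_recipients(raw_message)) > MAX_UNKNOWN


# Constructed sample: many guessed addresses in one message (folded Cc: header).
DICTIONARY_RUN = (
    'From: "Paulette Rangel" <snadam@example.com>\n'
    "To: sheffield@example.net\n"
    "Cc: sheridan@example.net, shoemaker@example.net, shook@example.net,\n"
    "\tsiegel@example.net, silver@example.net\n"
    "Subject: (no subject)\n\nbody\n"
)
# Constructed sample: ordinary mail to the main address with an outside Cc.
LEGITIMATE = (
    "From: friend@example.org\n"
    "To: me@example.net\n"
    "Cc: colleague@example.org\n"
    "Subject: lunch\n\nbody\n"
)
# Constructed sample: one guessed address per message.
SINGLE_TARGET = (
    "From: snadam@example.com\n"
    "To: sheffield@example.net\n"
    "Subject: (no subject)\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in [("run", DICTIONARY_RUN), ("legit", LEGITIMATE), ("single", SINGLE_TARGET)]:
        print(label, should_discard(raw), unknown_recipients(raw))
```

The third sample shows the limit the post already notes: a sender who puts one guessed address in each message stays under the threshold, so this rule only catches the batched form.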
