Spam Filter ISP Support Forum


What does this mean?

Atlas (Guest Group)
Posted: 26 July 2005 at 11:49pm

From time to time we get a cluster of connections from different hosts, as shown below. All within a few minutes and from different geo locations.

They all probe the same non-existing recipient. Come on, who would have an email address that starts with "a1aaa1azzzz1zaaaaa"?

My question to the experts in this forum... What does this mean? What is the purpose? Or how does it help spammers?

My take is that it is so simple to notice it... isn't that a weakness?

Any reply is much appreciated. Thanks

Atlas

and how

 


07/26/05 21:38:09:101 -- (1680) Connection from: 222.181.226.109  -  Originating country : China
07/26/05 21:38:11:945 -- (1680) Resolving 222.181.226.109 - Not found
07/26/05 21:38:11:960 -- (1680) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:11:960 -- (1680) 222.181.226.109 - Mail from: Oriata@nctta.org To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:11:960 -- (1680) Disconnect
07/26/05 21:38:12:476 -- (1680) Connection from: 69.164.195.64  -  Originating country : United States
07/26/05 21:38:13:023 -- (1680) Resolving 69.164.195.64 - eycb01-00-brtwga-69-164-195-64.atlaga.adelphia.net
07/26/05 21:38:13:023 -- (1680) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:13:023 -- (1680) 69.164.195.64 - Mail from: rafetmad@grungecafe.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:13:023 -- (1680) Disconnect
07/26/05 21:38:16:898 -- (1680) Connection from: 61.79.65.88  -  Originating country : Korea, Republic of
07/26/05 21:38:22:539 -- (1680) Resolving 61.79.65.88 - Not found
07/26/05 21:38:22:554 -- (1680) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:22:554 -- (1680) 61.79.65.88 - Mail from: lindig@ondagrupera.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:22:554 -- (1680) Disconnect
07/26/05 21:38:34:289 -- (1680) Connection from: 200.114.160.94  -  Originating country : Argentina
07/26/05 21:38:37:367 -- (1680) Resolving 200.114.160.94 - 94-160-114-200.fibertel.com.ar
07/26/05 21:38:37:382 -- (1680) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:37:382 -- (1680) 200.114.160.94 - Mail from: mac@nctta.org To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:37:382 -- (1680) Disconnect
07/26/05 21:38:56:742 -- (1268) Connection from: 24.63.120.137  -  Originating country : United States
07/26/05 21:38:58:039 -- (1268) Resolving 24.63.120.137 - c-24-63-120-137.hsd1.ma.comcast.net
07/26/05 21:38:58:039 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:58:039 -- (1268) 24.63.120.137 - Mail from: andy_henroid@pcmail.com.tw To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:58:039 -- (1268) Disconnect
07/26/05 21:39:00:023 -- (1268) Connection from: 69.180.104.206  -  Originating country : United States
07/26/05 21:39:00:742 -- (1268) Resolving 69.180.104.206 - c-69-180-104-206.hsd1.fl.comcast.net
07/26/05 21:39:00:757 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:00:757 -- (1268) 69.180.104.206 - Mail from: jmeno@comidamexicana.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:00:757 -- (1268) Disconnect
07/26/05 21:39:03:148 -- (1268) Connection from: 61.73.164.207  -  Originating country : Korea, Republic of
07/26/05 21:39:04:632 -- (1268) Resolving 61.73.164.207 - Not found
07/26/05 21:39:04:632 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:04:632 -- (1268) 61.73.164.207 - Mail from: jdporter@britneyclub.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:04:632 -- (1268) Disconnect
07/26/05 21:39:16:617 -- (1268) Connection from: 66.176.27.182  -  Originating country : United States
07/26/05 21:39:18:304 -- (1268) Resolving 66.176.27.182 - c-66-176-27-182.hsd1.fl.comcast.net
07/26/05 21:39:18:304 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:18:304 -- (1268) 66.176.27.182 - Mail from: ssanty@hotmail.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:18:304 -- (1268) Disconnect
07/26/05 21:39:23:367 -- (1268) Connection from: 213.254.73.154  -  Originating country : Spain
07/26/05 21:39:25:132 -- (1268) Resolving 213.254.73.154 - cable73a154.usuarios.retecal.es
07/26/05 21:39:25:132 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:25:132 -- (1268) 213.254.73.154 - Mail from: fsmehmet@horafeliz.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:25:132 -- (1268) Disconnect
07/26/05 21:39:26:601 -- (1268) Connection from: 210.123.173.51  -  Originating country : Korea, Republic of
07/26/05 21:39:29:742 -- (1624) Connection from: 222.118.204.92  -  Originating country : Korea, Republic of
07/26/05 21:39:30:351 -- (1624) Disconnect
07/26/05 21:39:34:976 -- (1268) Resolving 210.123.173.51 - Not found
07/26/05 21:39:34:976 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:34:976 -- (1268) 210.123.173.51 - Mail from: gwhite@shaniastuff.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:34:976 -- (1268) Disconnect
07/26/05 21:39:39:742 -- (1268) Connection from: 61.180.64.15  -  Originating country : China
07/26/05 21:39:41:664 -- (1268) Resolving 61.180.64.15 - Not found
07/26/05 21:39:41:664 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:41:664 -- (1268) 61.180.64.15 - Mail from: jsimmons@allsaintsfan.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:41:664 -- (1268) Disconnect
07/26/05 21:39:43:382 -- (1268) Connection from: 201.2.211.115  -  Originating country : Brazil
07/26/05 21:39:45:585 -- (1268) Resolving 201.2.211.115 - 201-2-211-115.fnsce702.dsl.brasiltelecom.net.br
07/26/05 21:39:45:585 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:45:585 -- (1268) 201.2.211.115 - Mail from: Gsjm@gmx.de To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:45:601 -- (1268) Disconnect
07/26/05 21:39:46:117 -- (1268) Connection from: 24.198.45.218  -  Originating country : United States
07/26/05 21:39:47:070 -- (1268) Resolving 24.198.45.218 - cpe-24-198-45-218.maine.res.rr.com
07/26/05 21:39:47:070 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:47:070 -- (1268) 24.198.45.218 - Mail from: parport@u2club.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:47:070 -- (1268) Disconnect
07/26/05 21:39:49:945 -- (1268) Connection from: 202.153.239.16  -  Originating country : Indonesia
07/26/05 21:40:03:242 -- (1268) Resolving 202.153.239.16 - 5299-16.indo.net.id
07/26/05 21:40:03:242 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:03:242 -- (1268) 202.153.239.16 - Mail from: newsadmin@jojomail.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:40:03:242 -- (1268) Disconnect
07/26/05 21:40:11:367 -- (1268) Connection from: 71.111.102.150  -  Originating country : N/A
07/26/05 21:40:20:226 -- (1268) Resolving 71.111.102.150 - pool-71-111-102-150.ptldor.dsl-w.verizon.net
07/26/05 21:40:20:226 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:20:226 -- (1268) 71.111.102.150 - Mail from: albrecht@lovecat.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:40:20:226 -- (1268) Disconnect
07/26/05 21:40:21:585 -- (1268) Connection from: 24.127.157.126  -  Originating country : United States
07/26/05 21:40:22:132 -- (1268) Resolving 24.127.157.126 - c-24-127-157-126.hsd1.ca.comcast.net
07/26/05 21:40:22:132 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:22:132 -- (1268) 24.127.157.126 - Mail from: lew@yahoo.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:40:22:132 -- (1268) Disconnect
07/26/05 21:40:24:976 -- (1268) Connection from: 66.205.99.126  -  Originating country : United States
07/26/05 21:40:28:148 -- (1268) Resolving 66.205.99.126 - host-66-205-99-126.classicnet.net
07/26/05 21:40:28:148 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:28:148 -- (1268) 66.205.99.126 - Mail from: behanw@u2club.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:40:28:148 -- (1268) Disconnect
07/26/05 21:40:47:164 -- (1268) Connection from: 58.143.26.250  -  Originating country : N/A
07/26/05 21:40:55:851 -- (1268) Resolving 58.143.26.250 - Not found
07/26/05 21:40:55:867 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:55:867 -- (1268) 58.143.26.250 - Mail from: 344angus@about.com To: sslatergo@somedomain.com will be disconnected
07/26/05 21:40:55:867 -- (1268) Disconnect
07/26/05 21:41:07:851 -- (1268) Connection from: 218.148.36.56  -  Originating country : Korea, Republic of
07/26/05 21:41:12:132 -- (1268) Resolving 218.148.36.56 - Not found
07/26/05 21:41:12:148 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:41:12:148 -- (1268) 218.148.36.56 - Mail from: 1austin@a1isp.net To: sslatergo@somedomain.com will be disconnected
07/26/05 21:41:12:148 -- (1268) Disconnect
07/26/05 21:41:19:304 -- (1268) Connection from: 217.79.76.15  -  Originating country : Bulgaria
07/26/05 21:41:20:257 -- (1120) Connection from: 222.70.143.9  -  Originating country : China
07/26/05 21:41:20:273 -- (1120) No Data Received
07/26/05 21:41:20:273 -- (1120) Disconnect
07/26/05 21:41:20:992 -- (1268) Resolving 217.79.76.15 - pc-10.club-1.dubrovnik-lan.net
07/26/05 21:41:20:992 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:41:20:992 -- (1268) 217.79.76.15 - Mail from: unce@lovecat.com To: a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:41:20:992 -- (1268) Disconnect

Marco (Senior Member)
Joined: 07 June 2005
Location: Netherlands
Posted: 27 July 2005 at 3:01am

It is probably a virus. My response would be to add the mail address to the honeypot, and check on the IPs that get blocked.

Before I installed SPF I also had 'someone' send us mails to some mail address that didn't exist on this server, also with a load of numbers in the addy. Added to honeypot and the problem disappeared, and no unwanted consequences in that case.

 

Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams
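
Added example, not part of either post and not a feature of the filter itself: a small script that reads rejection lines in the log format shown in the question and lists recipients that several distinct source IPs tried within a short window, which are the addresses one would consider for the honeypot. The function name, the thresholds and the sample lines (documentation IP ranges, example.com) are assumptions made up for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the "... will be disconnected" rejection line of the log format above.
REJECT = re.compile(
    r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d):\d+ -- \(\d+\) "
    r"(\d{1,3}(?:\.\d{1,3}){3}) - Mail from: (\S+) To: (\S+) will be disconnected"
)

def probed_recipients(lines, min_sources=3, window=timedelta(minutes=5)):
    """Return {recipient: [ips]} for rejected recipients that at least
    min_sources distinct IPs tried within one time window."""
    events = defaultdict(list)                 # recipient -> [(time, ip)]
    for line in lines:
        m = REJECT.match(line.strip())
        if not m:
            continue                           # connect/resolve/disconnect lines
        ts, ip, _sender, rcpt = m.groups()
        when = datetime.strptime(ts, "%m/%d/%y %H:%M:%S")
        events[rcpt.lower()].append((when, ip))
    flagged = {}
    for rcpt, hits in events.items():
        hits.sort()
        best = set()
        for i, (start, _) in enumerate(hits):  # window starting at each event
            ips = {ip for when, ip in hits[i:] if when - start <= window}
            if len(ips) > len(best):
                best = ips
        if len(best) >= min_sources:
            flagged[rcpt] = sorted(best)
    return flagged

# Constructed sample lines in the same format (not taken from the real log).
SAMPLE = """\
07/26/05 21:38:11:960 -- (1680) 192.0.2.10 - Mail from: a@example.org To: a1aaa1azzzz1zaaaaa@example.com will be disconnected
07/26/05 21:38:11:960 -- (1680) Disconnect
07/26/05 21:38:13:023 -- (1680) 198.51.100.7 - Mail from: b@example.net To: a1aaa1azzzz1zaaaaa@example.com will be disconnected
07/26/05 21:39:04:632 -- (1268) 203.0.113.5 - Mail from: c@example.org To: A1aaa1azzzz1zaaaaa@example.com will be disconnected
07/26/05 21:40:55:867 -- (1268) 203.0.113.9 - Mail from: d@example.net To: typo.user@example.com will be disconnected
07/26/05 21:55:00:000 -- (1268) 192.0.2.77 - Mail from: e@example.org To: a1aaa1azzzz1zaaaaa@example.com will be disconnected
""".splitlines()

if __name__ == "__main__":
    for rcpt, ips in probed_recipients(SAMPLE).items():
        print(f"honeypot candidate: {rcpt} ({len(ips)} sources: {', '.join(ips)})")
```

A single mistyped address from one host stays below the threshold, so only the address hit from several places at once is reported.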