
What does this mean?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5278
Printed Date: 31 July 2025 at 3:09am


Topic: What does this mean?
Posted By: Guests
Subject: What does this mean?
Date Posted: 26 July 2005 at 11:49pm

From time to time we get a cluster of connections from different hosts as shown below. All within a few minutes and from different geo locations.

They all probe the same non-existing recipient. Come on, who would have an email address that starts with "a1aaa1azzzz1zaaaaa"?

My question to experts in this forum... What does this mean? What is the purpose? Or how does it help spammers?

My take is that it is so simple to notice it... isn't that a weakness?

Much appreciated any reply. Thanks

Atlas

and how

 


07/26/05 21:38:09:101 -- (1680) Connection from: 222.181.226.109  -  Originating country : China
07/26/05 21:38:11:945 -- (1680) Resolving 222.181.226.109 - Not found
07/26/05 21:38:11:960 -- (1680) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:11:960 -- (1680) 222.181.226.109 - Mail from: mailto:Oriata@nctta.org - Oriata@nctta.org To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:11:960 -- (1680) Disconnect
07/26/05 21:38:12:476 -- (1680) Connection from: 69.164.195.64  -  Originating country : United States
07/26/05 21:38:13:023 -- (1680) Resolving 69.164.195.64 - eycb01-00-brtwga-69-164-195-64.atlaga.adelphia.net
07/26/05 21:38:13:023 -- (1680) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:13:023 -- (1680) 69.164.195.64 - Mail from: mailto:rafetmad@grungecafe.com - rafetmad@grungecafe.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:13:023 -- (1680) Disconnect
07/26/05 21:38:16:898 -- (1680) Connection from: 61.79.65.88  -  Originating country : Korea, Republic of
07/26/05 21:38:22:539 -- (1680) Resolving 61.79.65.88 - Not found
07/26/05 21:38:22:554 -- (1680) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:22:554 -- (1680) 61.79.65.88 - Mail from: mailto:lindig@ondagrupera.com - lindig@ondagrupera.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:22:554 -- (1680) Disconnect
07/26/05 21:38:34:289 -- (1680) Connection from: 200.114.160.94  -  Originating country : Argentina
07/26/05 21:38:37:367 -- (1680) Resolving 200.114.160.94 - 94-160-114-200.fibertel.com.ar
07/26/05 21:38:37:382 -- (1680) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:37:382 -- (1680) 200.114.160.94 - Mail from: mailto:mac@nctta.org - mac@nctta.org To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:37:382 -- (1680) Disconnect
07/26/05 21:38:56:742 -- (1268) Connection from: 24.63.120.137  -  Originating country : United States
07/26/05 21:38:58:039 -- (1268) Resolving 24.63.120.137 - c-24-63-120-137.hsd1.ma.comcast.net
07/26/05 21:38:58:039 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:38:58:039 -- (1268) 24.63.120.137 - Mail from: mailto:andy_henroid@pcmail.com.tw - andy_henroid@pcmail.com.tw To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:38:58:039 -- (1268) Disconnect
07/26/05 21:39:00:023 -- (1268) Connection from: 69.180.104.206  -  Originating country : United States
07/26/05 21:39:00:742 -- (1268) Resolving 69.180.104.206 - c-69-180-104-206.hsd1.fl.comcast.net
07/26/05 21:39:00:757 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:00:757 -- (1268) 69.180.104.206 - Mail from: mailto:jmeno@comidamexicana.com - jmeno@comidamexicana.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:00:757 -- (1268) Disconnect
07/26/05 21:39:03:148 -- (1268) Connection from: 61.73.164.207  -  Originating country : Korea, Republic of
07/26/05 21:39:04:632 -- (1268) Resolving 61.73.164.207 - Not found
07/26/05 21:39:04:632 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:04:632 -- (1268) 61.73.164.207 - Mail from: mailto:jdporter@britneyclub.com - jdporter@britneyclub.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:04:632 -- (1268) Disconnect
07/26/05 21:39:16:617 -- (1268) Connection from: 66.176.27.182  -  Originating country : United States
07/26/05 21:39:18:304 -- (1268) Resolving 66.176.27.182 - c-66-176-27-182.hsd1.fl.comcast.net
07/26/05 21:39:18:304 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:18:304 -- (1268) 66.176.27.182 - Mail from: mailto:ssanty@hotmail.com - ssanty@hotmail.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:18:304 -- (1268) Disconnect
07/26/05 21:39:23:367 -- (1268) Connection from: 213.254.73.154  -  Originating country : Spain
07/26/05 21:39:25:132 -- (1268) Resolving 213.254.73.154 - cable73a154.usuarios.retecal.es
07/26/05 21:39:25:132 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:25:132 -- (1268) 213.254.73.154 - Mail from: mailto:fsmehmet@horafeliz.com - fsmehmet@horafeliz.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:25:132 -- (1268) Disconnect
07/26/05 21:39:26:601 -- (1268) Connection from: 210.123.173.51  -  Originating country : Korea, Republic of
07/26/05 21:39:29:742 -- (1624) Connection from: 222.118.204.92  -  Originating country : Korea, Republic of
07/26/05 21:39:30:351 -- (1624) Disconnect
07/26/05 21:39:34:976 -- (1268) Resolving 210.123.173.51 - Not found
07/26/05 21:39:34:976 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:34:976 -- (1268) 210.123.173.51 - Mail from: mailto:gwhite@shaniastuff.com - gwhite@shaniastuff.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:34:976 -- (1268) Disconnect
07/26/05 21:39:39:742 -- (1268) Connection from: 61.180.64.15  -  Originating country : China
07/26/05 21:39:41:664 -- (1268) Resolving 61.180.64.15 - Not found
07/26/05 21:39:41:664 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:41:664 -- (1268) 61.180.64.15 - Mail from: mailto:jsimmons@allsaintsfan.com - jsimmons@allsaintsfan.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:41:664 -- (1268) Disconnect
07/26/05 21:39:43:382 -- (1268) Connection from: 201.2.211.115  -  Originating country : Brazil
07/26/05 21:39:45:585 -- (1268) Resolving 201.2.211.115 - 201-2-211-115.fnsce702.dsl.brasiltelecom.net.br
07/26/05 21:39:45:585 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:45:585 -- (1268) 201.2.211.115 - Mail from: mailto:Gsjm@gmx.de - Gsjm@gmx.de To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:45:601 -- (1268) Disconnect
07/26/05 21:39:46:117 -- (1268) Connection from: 24.198.45.218  -  Originating country : United States
07/26/05 21:39:47:070 -- (1268) Resolving 24.198.45.218 - cpe-24-198-45-218.maine.res.rr.com
07/26/05 21:39:47:070 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:39:47:070 -- (1268) 24.198.45.218 - Mail from: mailto:parport@u2club.com - parport@u2club.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:39:47:070 -- (1268) Disconnect
07/26/05 21:39:49:945 -- (1268) Connection from: 202.153.239.16  -  Originating country : Indonesia
07/26/05 21:40:03:242 -- (1268) Resolving 202.153.239.16 - 5299-16.indo.net.id
07/26/05 21:40:03:242 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:03:242 -- (1268) 202.153.239.16 - Mail from: mailto:newsadmin@jojomail.com - newsadmin@jojomail.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:40:03:242 -- (1268) Disconnect
07/26/05 21:40:11:367 -- (1268) Connection from: 71.111.102.150  -  Originating country : N/A
07/26/05 21:40:20:226 -- (1268) Resolving 71.111.102.150 - pool-71-111-102-150.ptldor.dsl-w.verizon.net
07/26/05 21:40:20:226 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:20:226 -- (1268) 71.111.102.150 - Mail from: mailto:albrecht@lovecat.com - albrecht@lovecat.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:40:20:226 -- (1268) Disconnect
07/26/05 21:40:21:585 -- (1268) Connection from: 24.127.157.126  -  Originating country : United States
07/26/05 21:40:22:132 -- (1268) Resolving 24.127.157.126 - c-24-127-157-126.hsd1.ca.comcast.net
07/26/05 21:40:22:132 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:22:132 -- (1268) 24.127.157.126 - Mail from: mailto:lew@yahoo.com - lew@yahoo.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:40:22:132 -- (1268) Disconnect
07/26/05 21:40:24:976 -- (1268) Connection from: 66.205.99.126  -  Originating country : United States
07/26/05 21:40:28:148 -- (1268) Resolving 66.205.99.126 - host-66-205-99-126.classicnet.net
07/26/05 21:40:28:148 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:28:148 -- (1268) 66.205.99.126 - Mail from: mailto:behanw@u2club.com - behanw@u2club.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:40:28:148 -- (1268) Disconnect
07/26/05 21:40:47:164 -- (1268) Connection from: 58.143.26.250  -  Originating country : N/A
07/26/05 21:40:55:851 -- (1268) Resolving 58.143.26.250 - Not found
07/26/05 21:40:55:867 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:40:55:867 -- (1268) 58.143.26.250 - Mail from: mailto:344angus@about.com - 344angus@about.com To: mailto:sslatergo@somedomain.com - sslatergo@somedomain.com will be disconnected
07/26/05 21:40:55:867 -- (1268) Disconnect
07/26/05 21:41:07:851 -- (1268) Connection from: 218.148.36.56  -  Originating country : Korea, Republic of
07/26/05 21:41:12:132 -- (1268) Resolving 218.148.36.56 - Not found
07/26/05 21:41:12:148 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:41:12:148 -- (1268) 218.148.36.56 - Mail from: mailto:1austin@a1isp.net - 1austin@a1isp.net To: mailto:sslatergo@somedomain.com - sslatergo@somedomain.com will be disconnected
07/26/05 21:41:12:148 -- (1268) Disconnect
07/26/05 21:41:19:304 -- (1268) Connection from: 217.79.76.15  -  Originating country : Bulgaria
07/26/05 21:41:20:257 -- (1120) Connection from: 222.70.143.9  -  Originating country : China
07/26/05 21:41:20:273 -- (1120) No Data Received
07/26/05 21:41:20:273 -- (1120) Disconnect
07/26/05 21:41:20:992 -- (1268) Resolving 217.79.76.15 - pc-10.club-1.dubrovnik-lan.net
07/26/05 21:41:20:992 -- (1268) - EmailTO is not in AuthorizedTOEmail list...
07/26/05 21:41:20:992 -- (1268) 217.79.76.15 - Mail from: mailto:unce@lovecat.com - unce@lovecat.com To: mailto:a1aaa1azzzz1zaaaaa@somedomain.com - a1aaa1azzzz1zaaaaa@somedomain.com will be disconnected
07/26/05 21:41:20:992 -- (1268) Disconnect




Replies:
Posted By: Marco
Date Posted: 27 July 2005 at 3:01am

It is probably a virus. My response would be to add the mail address to the honeypot, and check on the IPs that get blocked.

Before I installed SPF I also had 'someone' send us mails to some mail address that didn't exist on this server, also with a load of numbers in the addy. Added to honeypot and the problem disappeared, and no unwanted consequences in that case.

 



-------------
Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams
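Added example, not part of the original thread and not LogSat code: a small Python script that scans rejection lines in the format shown in the log above and reports any unauthorized recipient hit by several distinct hosts within a few minutes, which is the pattern the question describes and the kind of address the reply suggests adding to the honeypot. The function name `probe_clusters`, the thresholds, and the sample log (documentation-range IPs, example.com addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Rejection line as seen in the log above; the "mailto:" prefix is optional.
REJECT = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d):\d+ -- \(\d+\) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - Mail from: \S+.*? To: (?:mailto:)?(?P<rcpt>\S+@\S+)"
    r".* will be disconnected\s*$"
)

def probe_clusters(lines, min_hosts=5, window=timedelta(minutes=5)):
    """Return {recipient: sorted distinct IPs} for rejected recipients hit by
    at least min_hosts different hosts inside one sliding time window."""
    hits = defaultdict(list)  # recipient -> [(timestamp, ip), ...]
    for line in lines:
        m = REJECT.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S")
            hits[m["rcpt"].lower()].append((ts, m["ip"]))
    flagged = {}
    for rcpt, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) >= min_hosts:
                flagged.setdefault(rcpt, set()).update(ips)
    return {r: sorted(ips) for r, ips in flagged.items()}

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """\
01/02/24 10:00:01:100 -- (11) 192.0.2.10 - Mail from: a@example.net To: zz1qq9@example.com will be disconnected
01/02/24 10:00:05:200 -- (11) 198.51.100.7 - Mail from: b@example.net To: zz1qq9@example.com will be disconnected
01/02/24 10:00:05:210 -- (11) Disconnect
01/02/24 10:01:30:000 -- (12) 203.0.113.44 - Mail from: mailto:c@example.org - c@example.org To: mailto:ZZ1QQ9@example.com - ZZ1QQ9@example.com will be disconnected
01/02/24 10:02:10:500 -- (12) 192.0.2.77 - Mail from: d@example.net To: zz1qq9@example.com will be disconnected
01/02/24 10:02:40:000 -- (13) 192.0.2.10 - Mail from: e@example.net To: typo.user@example.com will be disconnected
01/02/24 10:03:00:000 -- (13) 192.0.2.10 - Mail from: f@example.net To: typo.user@example.com will be disconnected
01/02/24 11:30:00:000 -- (14) 198.51.100.99 - Mail from: g@example.net To: zz1qq9@example.com will be disconnected
"""

if __name__ == "__main__":
    print(probe_clusters(SAMPLE_LOG.splitlines(), min_hosts=4))
```

A recipient mistyped repeatedly by one sender is not flagged, because only distinct source IPs count toward the threshold.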


