[Mimedefang] Dictionary-word sender smtp addresses
Cormack, Ken
ken.cormack at roadway.com
Wed Oct 4 16:52:36 EDT 2006
Has anyone else been seeing a lot of email over the past few months, with
sender addresses generally in the format "aaa at bbbbbbb-ccccccc.com", where
"aaa" is generally a 3 to 7-character string of random letters, and
"bbbbbbb-ccccccc" are basically random, unrelated dictionary words? Some
examples would be:
fdt at inspired-styling.com
gsa at ultimate-phoenix.com
AIQ at required-solvency.com
Crfm at insinuating-sweetness.com
canon at biochemical-purification.com
eak26 at billiard-dictionary.com
lcr at promissory-property.com
tcv at courageous-persistence.com
hdlp at impending-renovation.com
ibm at significant-computation.com
I also see variants of the theme, in which the domain is still comprised of
two apparantly random, unrelated dictionary terms, but lacking the hyphen.
My greylisting is blocking these, but only after the DATA phase, after
expensive SA overhead. Has anyone tried or found any clever ways to help
detect these, before the DATA phase? DNS shows that in most cases, the name
servers for most of these contain the word "marketing" somewhere in them,
but I'm curious to see what ideas people have considered, tried, or
implemented.
Ken
More information about the MIMEDefang
mailing list