[Outages-discussion] [outages] Crazy amts of spoofing?

Jay Ashworth jra at baylink.com
Wed Apr 9 13:18:17 EDT 2014


[ moving to -discuss; hope everyone's there ]

It's been posited that the end of security updates for WinXP will be 
likely to cause an uptick in the amount of bot sent spam and attacks.

Something which -- by the way -- might be easier to kill off if all
edge network operators were implementing BCP38.

BCP38: ask for it by name!

Cheers,
-- jr 'www.bcp38.info' a

----- Original Message -----
> From: "Blake Pfankuch - Mailing List" <blake.mailinglist at pfankuch.me>
> To: "Bill Wichers" <billw at waveform.net>, "Eric Henson" <ehenson at pfsweb.com>
> Cc: "outages" <outages at outages.org>
> Sent: Friday, April 4, 2014 11:23:47 PM
> Subject: Re: [outages] Crazy amts of spoofing?
> I keep an old email address out there just so I can trend the spam in
> the world. I usually get 250-300 messages a day of junk in that
> mailbox, with peak counts being M-F 6am to 6pm Mountain Time.
> 
> Since Thursday last week, I have been averaging almost 450 a day, with
> a peak of 630 messages yesterday. I have had reports from a few family
> members saying they have seen Email with my name on it, but smash
> keyboard email addresses over the past few weeks as well.
> 
> From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Bill
> Wichers
> Sent: Friday, April 4, 2014 3:24 PM
> To: Eric Henson
> Cc: outages
> Subject: Re: [outages] Crazy amts of spoofing?
> 
> While not spoofing specifically, we've been seeing abnormally high
> amounts of general nefarious network activity this year. It was
> especially bad during the height of the ntp ddos problem in
> January/February but still seems higher than it was last year.
> 
> Sent from my iPhone
> 
> On Apr 4, 2014, at 5:22 PM, "Eric Henson"
> <ehenson at pfsweb.com<mailto:ehenson at pfsweb.com>> wrote:
> I've seen this-sporadically-for a year now probably, although my users
> started reporting it in March (or maybe February 25th).
> 
> --
> ERIC HENSON
> Solutions Architect for Systems Organization
> PFSweb | www.pfsweb.com<http://www.pfsweb.com/>
> p: 972.881.2900 x3104
> m: 972.948.3424
> 
> From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Tony
> Patti
> Sent: Friday, April 04, 2014 4:02 PM
> To: 'Neil Ticktin'; 'outages'
> Subject: Re: [outages] Crazy amts of spoofing?
> 
> I've seen (work, family, friends) an increased amount of spoofing
> since February 25.
> 
> The first two emails I looked at that day were sent thru email servers
> in UK and France.
> 
> Tony Patti
> CIO
> S. Walter Packaging Corp.
> 
> From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Neil
> Ticktin
> Sent: Friday, April 04, 2014 4:17 PM
> To: outages
> Subject: [outages] Crazy amts of spoofing?
> 
> Anyone seeing crazy amounts of spoofing that are going out to what
> looks like address book entries?
> 
> In other words, not from your client, not from your server, but
> spoofing an email address that's yours, and going to recipients that
> look like your address book (e.g., grouped by last name and to people
> you know).
> 
> I don't want to point fingers, and I have no evidence of this in any
> way, but it almost looks like a social network site, that may have
> access to address book entries, got hit -- and someone is spoofing big
> time.
> 
> The other option would be a Mac virus hitting address book entries.
> 
> Anyone seeing anything this?
> 
> Neil
> 
> ------------------------
> This email was scanned by BitDefender.
> 
> ------------------------
> This email was scanned by BitDefender.
> _______________________________________________
> Outages mailing list
> Outages at outages.org<mailto:Outages at outages.org>
> https://puck.nether.net/mailman/listinfo/outages
> 
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages

-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274


More information about the Outages-discussion mailing list