Is One Of These IP Addresses Yours?
by ZetaGecko | 6 Comments | Email, Issues/Problems
Ever wonder just how much of a problem spam email is? To give you an idea, here in no particular order are the 1,231 IP addresses from which my email server received at least 3 messages sent to invalid addresses within a single 5 minute period over the course of 4 hours.
That sentence may have been a little hard to follow, so let me rephrase. For 4 hours, I had my email server keep track of each time it received an email to a non-existent email address (most likely a spammer trying to guess a valid email address). Every 5 minutes, a script would count how many such emails it had received from each IP address and log any that appeared 3 or more times, and then clear the list and start over.
This list does not include many thousands more IP addresses from which only 1 or 2 such messages were received.
If one of them is your IP address, either shame on you, you pathetic leech in human form, or your computer has been hacked and is being used to waste untold amounts of internet bandwidth. And in case you think it doesn't really matter, last month, for the first time, I had to pay extra for my hosting due to excessive bandwidth usage. The overage was caused by spam.
Here's the list of shame.
[Update: The list of shame has been removed because it's probably mostly full of IP addresses of servers bouncing spam with a spoofed sender address. I'll post more rants about this problem later.]
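The 5-minute tally described in the post, as an added Python example (not the author's script); the log format, the sample lines and the `flag_offenders` name are constructed for illustration. It goes one step beyond the post by also marking hosts whose rejected messages all carried a null envelope sender (`MAIL FROM:<>`), which is the bounce case the update refers to.

```python
import re
from collections import defaultdict
from datetime import datetime

THRESHOLD = 3        # flag an IP at 3 or more rejections...
WINDOW_MINUTES = 5   # ...within one 5-minute tally, as in the post

# Constructed log format (an assumption, not a real MTA's output).
LINE_RE = re.compile(r"^(?P<ts>\S+) reject unknown-rcpt ip=(?P<ip>\S+) "
                     r"from=<(?P<sender>[^>]*)> to=<[^>]*>$")

# Constructed sample data using documentation address ranges.
SAMPLE_LOG = """\
2008-06-21T10:00:05 reject unknown-rcpt ip=192.0.2.10 from=<a@example.net> to=<aaron@example.org>
2008-06-21T10:00:09 reject unknown-rcpt ip=198.51.100.7 from=<> to=<x1@example.org>
2008-06-21T10:01:12 reject unknown-rcpt ip=192.0.2.10 from=<b@example.net> to=<abby@example.org>
2008-06-21T10:02:30 reject unknown-rcpt ip=198.51.100.7 from=<> to=<x2@example.org>
2008-06-21T10:03:44 reject unknown-rcpt ip=192.0.2.10 from=<c@example.net> to=<adam@example.org>
2008-06-21T10:04:01 reject unknown-rcpt ip=198.51.100.7 from=<> to=<x3@example.org>
2008-06-21T10:04:10 reject unknown-rcpt ip=203.0.113.5 from=<d@example.com> to=<al@example.org>
2008-06-21T10:04:50 reject unknown-rcpt ip=203.0.113.5 from=<d@example.com> to=<alan@example.org>
2008-06-21T10:05:02 reject unknown-rcpt ip=203.0.113.5 from=<d@example.com> to=<alex@example.org>
"""

def flag_offenders(lines):
    """Return sorted (window_start, ip, count, kind) for IPs at or over THRESHOLD."""
    tallies = defaultdict(lambda: [0, 0])   # (window, ip) -> [total, null_sender]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                        # ignore lines in any other format
        ts = datetime.fromisoformat(m["ts"])
        # Fixed windows: the tally restarts on every 5-minute boundary.
        start = ts.replace(minute=ts.minute - ts.minute % WINDOW_MINUTES,
                           second=0, microsecond=0)
        entry = tallies[(start.isoformat(), m["ip"])]
        entry[0] += 1
        if m["sender"] == "":               # MAIL FROM:<> marks a bounce (DSN)
            entry[1] += 1
    flagged = []
    for (window, ip), (total, bounces) in tallies.items():
        if total >= THRESHOLD:
            # Heuristic (assumption): all-null senders suggests a server bouncing forged mail.
            kind = "bounce" if bounces == total else "direct"
            flagged.append((window, ip, total, kind))
    return sorted(flagged)

if __name__ == "__main__":
    print(*flag_offenders(SAMPLE_LOG.splitlines()), sep="\n")
```

In the sample, 203.0.113.5 sends three messages within a minute but is not flagged, because the tally resets at the 10:05 boundary between its second and third attempt.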
June 21st, 2008 at 10:06 pm
Mine isn't there! Got close a few times though... Fortunately, email addresses associated with my server aren't really public (or even used)... so I doubt I'll ever have bandwidth problems from spam.
Well... hopefully!
July 21st, 2008 at 3:24 pm
Please forward spam received from 89.171.112.121 (if you still have a copy). Do you use SPF? If not, then some of these guys are probably neither spammers nor hacked.
July 21st, 2008 at 3:37 pm
I never actually saw any of the emails -- my server is configured to reject them before the data is sent if the address to which they're being sent doesn't exist. I just had it track the IP addresses of the computers that were trying to send such messages.
I have SPF turned off at the moment (...don't remember for sure why I did that).
Would you care to elaborate on your last sentence? If an email to a non-existent address came to me from a particular IP address, I can imagine 4 possibilities:
1) Somebody accidentally entered the wrong address.
2) They were sending spam.
3) The computer has been cracked or infected and someone else is using it to send spam.
4) It's an open relay and is being abused to send spam. (Oh yeah, didn't mention that possibility above).
I don't see how SPF would make a difference.
July 23rd, 2008 at 2:24 pm
5) Someone sends an email with a forged envelope address (SMTP command MAIL FROM:) nonexistent@your.domain to nonexistent@other.domain, and other.domain sends a bounce message to nonexistent@your.domain saying "message cannot be delivered". If other.domain uses SPF and your.domain has an SPF record set to accept the envelope address @your.domain only from some IP range, then that mail is rejected by other.domain and no bounce message is generated.
October 4th, 2008 at 5:14 am
66.228.115.231 is the IP Address of numerous sites owned by Brian Krassenstein, a well known spammer and scammer. He was the one responsible for the Idetrorce spam bot that hit bloggers by storm with spam comments and he has a long history of spamming for hyip's (ponzi schemes).
He currently operates Talkgold.com forums and a pyramid scheme named TeamEarners.com amongst other schemes. If you receive any more spam from his network, contact abuse [at] softlayer and let them know or contact the FBI's cybercrimes division who are already investigating his activities.
December 17th, 2008 at 8:18 pm
[...] been getting lots of spam bounce traffic since back in June, and have implemented countermeasures that have drastically reduced the impact [...]