The onslaught of spam bounces continues. After a little further exploration, and discussions with the folks on the chuug list, we’ve determined that a spammer is using randomstring@accapehart.com as the “From:” address for spam that he/she is sending out. As a result, for every message that is not successfully sent, I get a bounce back from the friendly MTA saying that they couldn’t deliver the message I was trying to send. As a result, all legitimate mail to accapehart.com, carolynfay.com, santaal.com, and the rest of my vanity domains has slowed to a crawl.
Only some of the bounces that I get back from MTAs are actually useful in that they include full headers. I was hoping that there would only be one or two sites that had been hacked and were using this pattern. I could contact the owners of those sites. They’d be excited to have more information about the way they’d been hacked. They’d quickly purge the intruder, all this would clear itself up. And while I’m no SMTP-header-expert none of the messages that I’ve siphoned from the bounce flood appear to have originated from the same place.
Some samples follow:
`The onslaught of spam bounces continues. After a little further exploration, and discussions with the folks on the chuug list, we’ve determined that a spammer is using randomstring@accapehart.com as the “From:” address for spam that he/she is sending out. As a result, for every message that is not successfully sent, I get a bounce back from the friendly MTA saying that they couldn’t deliver the message I was trying to send. As a result, all legitimate mail to accapehart.com, carolynfay.com, santaal.com, and the rest of my vanity domains has slowed to a crawl.
Only some of the bounces that I get back from MTAs are actually useful in that they include full headers. I was hoping that there would only be one or two sites that had been hacked and were using this pattern. I could contact the owners of those sites. They’d be excited to have more information about the way they’d been hacked. They’d quickly purge the intruder, all this would clear itself up. And while I’m no SMTP-header-expert none of the messages that I’ve siphoned from the bounce flood appear to have originated from the same place.
Some samples follow:
`
also:
``The onslaught of spam bounces continues. After a little further exploration, and discussions with the folks on the chuug list, we’ve determined that a spammer is using randomstring@accapehart.com as the “From:” address for spam that he/she is sending out. As a result, for every message that is not successfully sent, I get a bounce back from the friendly MTA saying that they couldn’t deliver the message I was trying to send. As a result, all legitimate mail to accapehart.com, carolynfay.com, santaal.com, and the rest of my vanity domains has slowed to a crawl.
Only some of the bounces that I get back from MTAs are actually useful in that they include full headers. I was hoping that there would only be one or two sites that had been hacked and were using this pattern. I could contact the owners of those sites. They’d be excited to have more information about the way they’d been hacked. They’d quickly purge the intruder, all this would clear itself up. And while I’m no SMTP-header-expert none of the messages that I’ve siphoned from the bounce flood appear to have originated from the same place.
Some samples follow:
`The onslaught of spam bounces continues. After a little further exploration, and discussions with the folks on the chuug list, we’ve determined that a spammer is using randomstring@accapehart.com as the “From:” address for spam that he/she is sending out. As a result, for every message that is not successfully sent, I get a bounce back from the friendly MTA saying that they couldn’t deliver the message I was trying to send. As a result, all legitimate mail to accapehart.com, carolynfay.com, santaal.com, and the rest of my vanity domains has slowed to a crawl.
Only some of the bounces that I get back from MTAs are actually useful in that they include full headers. I was hoping that there would only be one or two sites that had been hacked and were using this pattern. I could contact the owners of those sites. They’d be excited to have more information about the way they’d been hacked. They’d quickly purge the intruder, all this would clear itself up. And while I’m no SMTP-header-expert none of the messages that I’ve siphoned from the bounce flood appear to have originated from the same place.
Some samples follow:
`
also:
``
and:
Only some of the bounces that I get back from MTAs are actually useful in that they include full headers. I was hoping that there would only be one or two sites that had been hacked and were using this pattern. I could contact the owners of those sites. They’d be excited to have more information about the way they’d been hacked. They’d quickly purge the intruder, all this would clear itself up. And while I’m no SMTP-header-expert none of the messages that I’ve siphoned from the bounce flood appear to have originated from the same place.
Some samples follow:
`The onslaught of spam bounces continues. After a little further exploration, and discussions with the folks on the <a HREF="http://www.chuug.org">chuug</a> list, we’ve determined that a spammer is using <span style="font-style:italic;">randomstring@accapehart.com</span> as the “From:” address for spam that he/she is sending out. As a result, for every message that is not successfully sent, I get a bounce back from the friendly MTA saying that they couldn’t deliver the message <span style="font-style:italic;">I</span> was trying to send. As a result, all legitimate mail to accapehart.com, carolynfay.com, santaal.com, and the rest of my vanity domains has slowed to a crawl.
Only some of the bounces that I get back from MTAs are actually useful in that they include full headers. I was hoping that there would only be one or two sites that had been hacked and were using this pattern. I could contact the owners of those sites. They’d be excited to have more information about the way they’d been hacked. They’d quickly purge the intruder, all this would clear itself up. And while I’m no SMTP-header-expert none of the messages that I’ve siphoned from the bounce flood appear to have originated from the same place.
Some samples follow:
`
also:
``The onslaught of spam bounces continues. After a little further exploration, and discussions with the folks on the <a HREF="http://www.chuug.org">chuug</a> list, we’ve determined that a spammer is using <span style="font-style:italic;">randomstring@accapehart.com</span> as the “From:” address for spam that he/she is sending out. As a result, for every message that is not successfully sent, I get a bounce back from the friendly MTA saying that they couldn’t deliver the message <span style="font-style:italic;">I</span> was trying to send. As a result, all legitimate mail to accapehart.com, carolynfay.com, santaal.com, and the rest of my vanity domains has slowed to a crawl.
Only some of the bounces that I get back from MTAs are actually useful in that they include full headers. I was hoping that there would only be one or two sites that had been hacked and were using this pattern. I could contact the owners of those sites. They’d be excited to have more information about the way they’d been hacked. They’d quickly purge the intruder, all this would clear itself up. And while I’m no SMTP-header-expert none of the messages that I’ve siphoned from the bounce flood appear to have originated from the same place.
Some samples follow:
`The onslaught of spam bounces continues. After a little further exploration, and discussions with the folks on the <a HREF="http://www.chuug.org">chuug</a> list, we’ve determined that a spammer is using <span style="font-style:italic;">randomstring@accapehart.com</span> as the “From:” address for spam that he/she is sending out. As a result, for every message that is not successfully sent, I get a bounce back from the friendly MTA saying that they couldn’t deliver the message <span style="font-style:italic;">I</span> was trying to send. As a result, all legitimate mail to accapehart.com, carolynfay.com, santaal.com, and the rest of my vanity domains has slowed to a crawl.
Only some of the bounces that I get back from MTAs are actually useful in that they include full headers. I was hoping that there would only be one or two sites that had been hacked and were using this pattern. I could contact the owners of those sites. They’d be excited to have more information about the way they’d been hacked. They’d quickly purge the intruder, all this would clear itself up. And while I’m no SMTP-header-expert none of the messages that I’ve siphoned from the bounce flood appear to have originated from the same place.
Some samples follow:
`
also:
``
and:
So, based on message-id, we’ve got spam originating from “allaboutclocks.com”, “1010dialaroundplans.com”, “carinirealtors.com” and others that I didn’t bother to list. In my cursory examination, I have not yet found two sources the same.
For the 24-hour period of Thursday, April 28, I received more than 151,000 bounces. I have done the only things I can think to do so far. I’ve implemented Sender Policy Framework. I’ve written to a few of the apparent spam sources to suggest they examine their security. (No replies yet.) Now, I’m trying one more thing: Appealing to the humanity of the person(s) actually generating the spam. Please stop. Please leave me alone in my quiet little corner of the internet. I have done you no harm. (Or if I have, please just email me… we can dialog about how you think I may have wronged you). Please stop the abuse. I cry uncle!