New on LowEndTalk? Please Register and read our Community Rules.
SPAM using old BuffaloVPS exclusive email address.
My SPAM filters just trapped a message that used an email address that was used exclusively with BuffaloVPS. No active service with them in about 4 yrs.
From: ([email protected])
To: (my-BuffaloVPS-exclusive-email-address)
Mailer: mail (GNU Mailutils 2.99.98)
MessageID: <***************@a.blootle.com>
Headers: from a.blootle.com ([75.126.178.164] helo=a.blootle.com) by <***********> by a.blootle.com (Postfix, from userid 0) id ************
Bayesian Probability: 1.00000
SenderBase: US; SOFTLAYER TECHNOLOGIES; softlayer.com
SPF: none ip=75.126.178.164 mailfrom=**************@crushpathinc.com helo=a.blootle.com
Body:
Thirty days hath September,
April, June, and November;
February has twenty-eight alone.
All the rest have thirty-one,
Excepting leap-year--that's the time
When February's days are twenty-nine.
-- Old Song
I am just posting here in case anyone else experiences similar, so you can block/blacklist/throttle as you see fit ... possibly an iteration of BuffaloVPS/ChicagoVPS/etc DB being hacked or sold, etc.
Cheers
Comments
you're spamming too?
Mods, a duplicate. Please remove. Thank you
@Ishaq @Jarland
I don't understand - what is this spam email trying to sell? It's a poem?
Both their Solus and WHMCS were known to be hacked at one time or another (I think something like 3 times in total?), which Chris didn't seem to think was a big deal, so this shouldn't be a huge surprise.
I don't get it either, just more waste of bandwidth and processor. Could also be a test for more to come; that's my guess.
Spammers sometimes stuff the plaintext part of a message with junk to throw off spam filters, while the HTML part has the crap they're spamvertising.
Either that or they're trying to remove invalid addresses. They send a normal message and wait for errors.
Merged.
Likely trying to bypass Bayesian filtering. Probably was a pharmacy PNG or image attached to avoid putting their domain within the machine-readable context.
I often use WHOIS domain emails as 'spam', 'abuse' & keywords that list cleaners used to remove, but no one bothers to clean lists anymore these days.
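A filter-side check for the trick raised in the comments above (a junk plaintext part alongside an HTML part that carries the actual pitch), as an added example that is not from any poster in this thread. The sample message is constructed, and the function names and the 0.2 threshold are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample: the plaintext part is filler verse, the HTML part is the pitch.
SAMPLE = """\
From: sender@example.com
Subject: hello
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Thirty days hath September, April, June, and November;
February has twenty-eight alone.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Cheap pills online, <a href="http://shop.example/">order today</a></p></body></html>
--b1--
"""

class _Text(HTMLParser):
    """Collect the visible text of an HTML part, dropping the tags."""
    def __init__(self):
        super().__init__()
        self.chunks = []
    def handle_data(self, data):
        self.chunks.append(data)

def _tokens(text):
    return set(re.findall(r"[a-z]{3,}", text.lower()))

def part_overlap(raw):
    """Jaccard similarity of text/plain tokens vs. visible text/html tokens."""
    msg = message_from_string(raw, policy=default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    if plain is None or html is None:
        return None  # only one representation, nothing to compare
    parser = _Text()
    parser.feed(html.get_content())
    a, b = _tokens(plain.get_content()), _tokens(" ".join(parser.chunks))
    return len(a & b) / len(a | b) if a | b else 1.0

def looks_stuffed(raw, threshold=0.2):
    # threshold is an assumed starting point; tune it against your own mail
    score = part_overlap(raw)
    return score is not None and score < threshold
```

A legitimate multipart/alternative message renders the same text twice, so its overlap is close to 1.0; a low score is a signal to feed the HTML part, not the plaintext, to the content filter.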