What stops you from blocking the connecting SMTP server IP address or CIDRs? I can't tell if what you're describing indicates the mails are coming from CloudFlare outbound SMTP servers or not. If the SMTP connections **are** coming from CloudFlare CIDRs (for example, say, some customer of theirs abusing Email Workers and thus the outbound spam/phishing mails come from CloudFlare IPs), then reporting it to CF is the right thing. PeeringDB has some additional PoCs for abuse reporting: https://www.peeringdb.com/net/4224 If the SMTP connections **aren't** coming from CloudFlare CIDRs, then worrying about DNS records of whatever domains they're MAIL FROM'ing or From:'ing is (mostly) irrelevant, especially if they're domains the spammers control (i.e. they aren't spoofing, so SPF won't help, and they can control their own DKIM records). What you really want to be doing is reporting the abuse to whoever is hosting the network the SMTP servers reside on. If it's a hosting provider, look them up in ARIN whois, read the providers' ToS, and report them to the provider. -- | Jeremy Chadwick jdc@koitsu.org | | UNIX Systems Administrator PGP 0x2A389531 | | Making life hard for others since 1977. | On Mon, Jul 14, 2025 at 02:18:32PM -0400, Jon R Kibler via Outages-discussion wrote:
All, Is anyone else getting slammed with a flood of phishing-spam / malware from "Interactive Brokers" which is addressed to their outages email address? Or, am I the unlucky one? I've tried nearly everything I can think of to block them, but it seems they have an infinite number of MTAs from which they can originate their attacks. Worse, all of the domains which I have seen from which they appear to be sending have DNS hosted by CloudFlare, yet CloudFlare has been unresponsive to the abuse complaints I have filed. Anyone else tried complaining? TIA for your thoughts and feedback.JRK ______________________________________________ Outages-discussion mailing list outages-discussion@outages.org Sign up for an account https://lists.outages.org/accounts/signup/ To subscribe send an email to outages-discussion-join@outages.org To unsubscribe send an email to outages-discussion-leave@outages.org To contact the list owners outages-owner@outages.org Archives https://lists.outages.org/archives/list/outages-discussion@outages.org/
Thank you for using outages-discussion Lists!