[ moving to -discuss; hope everyone's there ] It's been posited that the end of security updates for WinXP will be likely to cause an uptick in the amount of bot sent spam and attacks. Something which -- by the way -- might be easier to kill off if all edge network operators were implementing BCP38. BCP38: ask for it by name! Cheers, -- jr 'www.bcp38.info' a ----- Original Message -----
From: "Blake Pfankuch - Mailing List" <blake.mailinglist@pfankuch.me> To: "Bill Wichers" <billw@waveform.net>, "Eric Henson" <ehenson@pfsweb.com> Cc: "outages" <outages@outages.org> Sent: Friday, April 4, 2014 11:23:47 PM Subject: Re: [outages] Crazy amts of spoofing? I keep an old email address out there just so I can trend the spam in the world. I usually get 250-300 messages a day of junk in that mailbox, with peak counts being M-F 6am to 6pm Mountain Time.
Since Thursday last week, I have been averaging almost 450 a day, with a peak of 630 messages yesterday. I have had reports from a few family members saying they have seen Email with my name on it, but smash keyboard email addresses over the past few weeks as well.
From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Bill Wichers Sent: Friday, April 4, 2014 3:24 PM To: Eric Henson Cc: outages Subject: Re: [outages] Crazy amts of spoofing?
While not spoofing specifically, we've been seeing abnormally high amounts of general nefarious network activity this year. It was especially bad during the height of the ntp ddos problem in January/February but still seems higher than it was last year.
Sent from my iPhone
On Apr 4, 2014, at 5:22 PM, "Eric Henson" <ehenson@pfsweb.com<mailto:ehenson@pfsweb.com>> wrote: I've seen this-sporadically-for a year now probably, although my users started reporting it in March (or maybe February 25th).
-- ERIC HENSON Solutions Architect for Systems Organization PFSweb | www.pfsweb.com<http://www.pfsweb.com/> p: 972.881.2900 x3104 m: 972.948.3424
From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Tony Patti Sent: Friday, April 04, 2014 4:02 PM To: 'Neil Ticktin'; 'outages' Subject: Re: [outages] Crazy amts of spoofing?
I've seen (work, family, friends) an increased amount of spoofing since February 25.
The first two emails I looked at that day were sent thru email servers in UK and France.
Tony Patti CIO S. Walter Packaging Corp.
From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Neil Ticktin Sent: Friday, April 04, 2014 4:17 PM To: outages Subject: [outages] Crazy amts of spoofing?
Anyone seeing crazy amounts of spoofing that are going out to what looks like address book entries?
In other words, not from your client, not from your server, but spoofing an email address that's yours, and going to recipients that look like your address book (e.g., grouped by last name and to people you know).
I don't want to point fingers, and I have no evidence of this in any way, but it almost looks like a social network site, that may have access to address book entries, got hit -- and someone is spoofing big time.
The other option would be a Mac virus hitting address book entries.
Anyone seeing anything this?
Neil
------------------------ This email was scanned by BitDefender.
------------------------ This email was scanned by BitDefender. _______________________________________________ Outages mailing list Outages@outages.org<mailto:Outages@outages.org> https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
-- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274