[PLUG-TALK] About those UCE senders ...

Rich Shepard rshepard at appl-ecosys.com
Tue Oct 16 15:49:01 UTC 2018


   Perhaps you professional network admins who better understand the universe
of UCE senders can answer a question about the patterns I see in daily mail
logs. This is a matter only of curiosity to me since postfix keeps these
poking attempts from my inbox.

   I see messages from the same /24 network, differing only in the last quad.
For example:

            2   60.167.82.116
            2   60.167.82.128
            2   60.167.82.250
            2   60.167.112.91
            2   60.167.112.139
            2   60.167.113.10
            2   60.167.113.79
            2   60.167.113.106
            2   60.167.113.131
            2   60.167.113.136
            2   60.167.113.158
            2   60.167.113.192
            2   60.167.116.89
            2   60.167.116.97
and so on.

   These look like a single source has defined multiple host IPs on the same
registered network just to send UCE, and each host doesn't represent
end-user customers of an ISP.s

   Is this a reasonable interpretation? Again, I'm only curious about such
consistent patterns almost every day from the same host country.

Rich



More information about the PLUG-talk mailing list