[PLUG-TALK] About those UCE senders ...
Rich Shepard
rshepard at appl-ecosys.com
Tue Oct 16 15:49:01 UTC 2018
Perhaps you professional network admins who better understand the universe
of UCE senders can answer a question about the patterns I see in daily mail
logs. This is a matter only of curiosity to me since postfix keeps these
poking attempts from my inbox.
I see messages from the same /24 network, differing only in the last quad.
For example:
2 60.167.82.116
2 60.167.82.128
2 60.167.82.250
2 60.167.112.91
2 60.167.112.139
2 60.167.113.10
2 60.167.113.79
2 60.167.113.106
2 60.167.113.131
2 60.167.113.136
2 60.167.113.158
2 60.167.113.192
2 60.167.116.89
2 60.167.116.97
and so on.
These look like a single source has defined multiple host IPs on the same
registered network just to send UCE, and each host doesn't represent
end-user customers of an ISP.s
Is this a reasonable interpretation? Again, I'm only curious about such
consistent patterns almost every day from the same host country.
Rich
More information about the PLUG-talk
mailing list