[PLUG-TALK] What do email senders want to accomplish with this?

Ted Mittelstaedt tedm at portlandia-it.com
Fri Jan 9 04:16:40 UTC 2026 

These aren't relays.  When your mail software replies with "sender not
found" that's called a Non Delivery Report.
 
Nowadays by default most people have NDR's turned off thanks to spammers
using them as reflectors for spam.

Your probably seeing automated probes looking for a functioning NDR.

I'm not sure why your logs don't show the sender address my guess is that
they are opening port 25 and doing a partial transaction to see
If your mailserver software responds or not.

Keep in mind that the worst email holes have historically been in commercial
software and some of that isn't even mailserver software,
It's automated crap people cobbled together then shoved out the door in a
product.  Somewhere out there, is a piece of antique software
That very likely responds to these probes the way the spammer wants and they
are looking for that.   It is nonsense to anyone running
Modern SMTP software but it probably did mean something to some bit of
software once.

SMTP was written in '81, standardized in BSD in '83, and came into wide use
by '88 when the Morris Internet Worm took down the Internet (what there was
of it at the time) and by '95 was de-facto standard for email

Not many 40 year old standards still in use out there.  That's a LOT of
water under the bridge and a LOT of email products that have come and gone.
I can still remember the Microsoft Mail system and the SMTP gateway for that
- which ran on DOS.  People actually used to plug that directly into the
Internet and I would NOT be surprised if somewhere someone was still running
that piece of crap.

Hey, if these guys can run a 30 year old computer in production who knows
what's out there:

https://www.woodtv.com/news/grand-rapids/1980s-computer-controls-grps-heat-a
nd-ac/

Ted

-----Original Message-----
From: PLUG-talk <plug-talk-bounces at lists.pdxlinux.org> On Behalf Of Rich
Shepard
Sent: Sunday, January 4, 2026 5:46 AM
To: 'Off-topic and potentially flammable discussion'
<plug-talk at lists.pdxlinux.org>
Subject: Re: [PLUG-TALK] What do email senders want to accomplish with this?

On Sat, 3 Jan 2026, Ted Mittelstaedt wrote:

> Their target is  "hojohomingrits at nike.com"
> They forge Hojo's name on the spam as sender They use a baloney 
> recipient address on your domain You bounce the message to Hojo Basic 
> simple reflector spam.

Ted,

I understand your example. But, I don't see that pattern except for the last
one:
> 1   6eaa6ad-c333-ec4a-c735-8da9f669f18 at appl-ecosys.com
> 1   91b92b7d-6e29-cfd1-313e-32ed05abcb2 at appl-ecosys.com
> 1   fe17119c-34cf-87ef-e5bf-2e31e83f8c at appl-ecosys.com
> 1   hashiguchiboldizsar at appl-ecosys.com

I don't allow relays because there's nowhere I would want to forward a
message. And the log doesn't show me the sender's name.

Thanks,

Rich

_______________________________________________
PLUG: https://pdxlinux.org
PLUG-talk mailing list
PLUG-talk at lists.pdxlinux.org
https://lists.pdxlinux.org/mailman/listinfo/plug-talk

More information about the PLUG-talk mailing list