More excessive spam

[Bunchadogs]

Recently I've had several clients start getting a sudden increase in spam
Many are receiving emails with the EXACT same Subject:

See why your credit rating decreased Thursday (at no-cost)​

Your credit rating dropped (Are you surprised?)​

[Someone is snooping around your background information]​

Someone you know is accessing your background information​

Alert: Something negative was posted online (see what it is)​

They come from some 'amusing' domain names - this is just a small sample:

livegoodperson.com​

acceptimportantman.com​

nextotherwoman.com​

donextlist.com​

​

It's been hard to block them since the exact same email will come from a different domain name several times.
I've set the SPAM settings on VERY AGGRESSIVE, but it still doesn't catch them.

It's not system wide - some users on the same domain will NOT receive the spam - and it's not on every domain...
Any thoughts?

 

[hafa]

Spam for all of our clients has been extreme as of late, with lots of messages with similar subject lines (Hi Honey, hello bro, etc..). It seems that the hole left in the SPAM ecosystem from last year's major busts has been rapidly filled with legions of zombie machines...

 

[Stephen]

Yes zombie machines loads of them, possibly even websites on joomla or wordpress that are not updates from what we've seen of late.

I have two addresses on gmail, they are getting past spam filters there as well at an alarming rate, 5+ today only on each one.

 

[Bunchadogs]

What I'm seeing seems to be different than they typical zombie/drone/compromised server.

I looked up a bunch of the most recent spam and their domains were all very recently registered at enom.com - it's not like they are using fictional/spoofed domains, or utilizing a compromised mail server on an existing domain.

Today I received three emails in a row - identical subject, identical body - from three different domains (and different IPs, and different mail accounts) - however a whois search showed all three domains were all registered at enom on the same day, within 15 minutes of each other!
All anonymously registered of course!

From: Bridget Matos <[email protected]> []
Message-ID: <.[email protected]>

From: March 7th Alert <[email protected]> []
Message-ID: <[email protected]>

From: ayden Wilkerson <[email protected]> []
Message-ID: <[email protected]>

So - three different domains, three different IPs, but the exact same email! ( Subject: (March 7th) Your personal credit rating lowered (see why) )

The links embedded in these emails DO work ( qualify.html?date-check=781065633050+69771368seen-your- ) and they redirect to live sites (Checkmate background checking service...)

Is enom just turning a blind eye to this type of obvious spam activity? I'm pretty sure the three domains above were all registered on the same day, within minutes...not a hacked website, but an obvious attempt to send spam.

I sent [email protected] the info....I'm sure they'll get right on it!

Too bad you can't filter based on the registrar of the domain instead of the host.

 

[Stephen]

ok that is interesting!

 

[Bunchadogs]

Fingers crossed, the flood is now down to a very slow trickle....

 

[Stephen]

Fingers crossed, the flood is now down to a very slow trickle....

Today I am getting IRS refund spams at gmail, and "your att wireless bill is ready" here...similar type thing, but yes much less only one at gmail and one here.

 

[microweb]

I'm seeing this issue too!

 

[Stephen]

I am seeing it everywhere, hotmail, yahoo, gmail, us (time a few since I have multiple addresses), this new technique is killer, and seems spam systems have to adapt. I have a feeling it is linked to a lot of the other botnet stuff going around right now using for relay/bounce points on unsuspecting sites.