* * * * *
A most persistent spam, part II
Shortly after I wrote about the Russian spam from Aleksandr [1] the nature of
the emails changed. They are now four attached Microsoft Word files. I'm not
sure if they're infected or not, but it matters to me not, because I can't
read the darned things since I am Microsoft free. Except for a small handful
of emails where they appear to be missing the four Microsoft Word files and
it seems they were never included in the email. It was weird enough to do a
bit more investigation.
I have a stockpile of these emails now, and I've noticed an interesting
thing—all of them are addressed to one of just two addresses. The first one
is [email protected], a catch-all address that is mentioned in RFC-2142 [2],
and the second one is [email protected], which I've only mentioned once on
this blog [3] and one would have to actively search for to even find it
elsewhere.
So I have three options before me:
1. nuke both the [email protected] and [email protected] addresses as
they're not really used;
2. set up a custom email filter rule that will tell my greylist daemon [4]
to reject emails from the IP (Internet Protocol) address (which I did
manually, but it changes quite often);
3. set up a custom email filter rule that will tell the firewall to block
the IP address from even connecting.
The first is easy, but I wonder how long until Aleksandr finds another
address to spam. The other two are a bit more involved. I think I'll try the
first one and see how long that lasts, and only if the spam returns will I
mull over the other two options.
Update on Wednesday, Debtember 22nd, 2021
Wisdom of the Ancients [5]—I did find a solution [6], but it might not be one
you can use.
[1] gopher://gopher.conman.org/0Phlog:2021/07/20.2
[2] https://www.ietf.org/rfc/rfc2142.txt
[3] gopher://gopher.conman.org/0Phlog:2021/05/05.1
[4] https://github.com/spc476/x-grey
[5] https://xkcd.com/979/
[6] gopher://gopher.conman.org/0Phlog:2021/08/28.1
Email author at
[email protected]