[GRLUG] Slippery SPAM

[Grand Rapids Linux Users Group]

The "domain" is:

actu-des-promos-9.fr <news at mail3.actu-des-promos-9.fr>

hostnames/subdomains are added at the left.

Note that sender address is pretty much infinitely forgeable in Internet
email. Blocking by sender only works for spam sent by amateur spammers.

Are you hosting your own email or is it from a provider? What extent of
controls do you have?

On Tue, Mar 9, 2021, 18:04 Grand Rapids Linux Users Group <grlug at grlug.org>
wrote:

> I keep getting SPAM mail, in French. I keep blocking the sender and/or
> marking it as SPAM, but they keep coming. Seems like they have an infinite
> number of variations they can run on their email domain.
>
> news at mail3.actu-des-promos-9.fr
>
> I think can change the numeral after ‘mail’ and at the end, and perhaps
> even the text inbetween.
>
> Does anyone understand what’s happening here and how I can stop these? Or
> are these maybe spoofed email addresses?
>
> And it seems to me that ‘mail3’ ought to be a registered domain, with the
> others being sub-domains. But there seem to be a lot of different mail3.*
> email addresses. Am I missing somethng here?
>
> mail3.fr is for sale (in French); mail3.com is forsale, acc to GoDaddy.
> mail3.org is a baseball league site.
>
> ??
>
> Is mail3 some generic email address that might also on some occasion send
> me valid mail? Or can I safely go to my mail server and blacklist mail3.*?
>
> Eric Beversluis
> Short fiction at www.ericbeversluis.com
>
> --
> grlug mailing list
> grlug at grlug.org
> https://shinobu.grlug.org/mailman/listinfo/grlug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://shinobu.grlug.org/pipermail/grlug/attachments/20210309/c6daa689/attachment.html>