[OT] Gmail Backscatter?

From: Mike Morris (mikeopennix.com)
Date: Wed Mar 19 2008 - 11:09:09 CDT

Hi Everyone,

I realize this is off topic for this list, but I'm hoping someone has
some insight into the issue we're seeing on our MX servers.

Remote email servers matching the pattern
[a-z]{2}-out-[0-9]{4}\.google\.com are attempting to deliver to a high
number of non-existent email addresses in our system. More correctly,
the percentage of attempted deliveries to non-existent email addresses
is quite high. Roughly 75% of the email traffic from these Google.com
servers consists of a null envelope sender address with a non-existent
envelope recipient. In my experience this generally means backscatter
or possibly SAV probes. Our MX servers properly reject messages to
non-existent users, so that is not the problem. Still, the traffic is
high enough to take notice.

This appears to have begun in December of 2007. The number of attempts
to non-existent addresses and the number of source email servers
increased significantly sometime in February, by a few orders of magnitude.

Does anyone know what Google may be doing here? Could this have
anything to do with Google's acquisition of Postini? We're still
getting traffic from servers with the old Postini host names, like
*.obsmtp.com, so it doesn't look like those services have been converted
to use host names in the google.com domain. Attempts to contact Google
have thus far gone unanswered. Any insight would be appreciated.

Thanks,

Mike
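As an added illustration (not part of the original post), here is one way to measure the pattern Mike describes on your own MX logs: count, per sending host, deliveries with a null envelope sender to recipients the server rejected as unknown, and flag hosts matching the `[a-z]{2}-out-[0-9]{4}\.google\.com` naming. The log line format and the sample lines are constructed assumptions; adapt the `LINE` regex to your MTA's actual format.

```python
import re
from collections import Counter

# Constructed sample MX log lines in an assumed simplified format
# "client=<host> from=<sender> to=<rcpt> status=<smtp code>"; not real traffic.
SAMPLE_LOG = """\
client=rv-out-0708.google.com from=<> to=<nobody@example.net> status=550
client=rv-out-0708.google.com from=<> to=<ghost@example.net> status=550
client=wa-out-1112.google.com from=<> to=<old.user@example.net> status=550
client=wa-out-1112.google.com from=<alice@gmail.com> to=<bob@example.net> status=250
client=mx1.partner.example from=<> to=<unknown@example.net> status=550
client=mx1.partner.example from=<carol@partner.example> to=<bob@example.net> status=250
"""

# Host pattern from the post (anchored so it matches a whole hostname).
GOOGLE_OUT = re.compile(r"^[a-z]{2}-out-[0-9]{4}\.google\.com$")
LINE = re.compile(r"client=(\S+) from=<([^>]*)> to=<([^>]*)> status=(\d{3})")


def parse(lines):
    """Yield (host, sender, recipient, status) for each parsable log line."""
    for line in lines:
        m = LINE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))


def backscatter_stats(log_text):
    """Per host: total deliveries, null-sender deliveries rejected with 550, ratio."""
    total, suspect = Counter(), Counter()
    for host, sender, _rcpt, status in parse(log_text.splitlines()):
        total[host] += 1
        # Null envelope sender + unknown recipient is the backscatter/SAV signature.
        if sender == "" and status == 550:
            suspect[host] += 1
    return {
        host: {"total": total[host], "suspect": suspect[host],
               "ratio": suspect[host] / total[host],
               "google_out": bool(GOOGLE_OUT.match(host))}
        for host in total
    }


def google_out_ratio(stats):
    """Aggregate suspect ratio over hosts matching the google.com outbound pattern."""
    hosts = [s for s in stats.values() if s["google_out"]]
    tot = sum(s["total"] for s in hosts)
    return sum(s["suspect"] for s in hosts) / tot if tot else 0.0
```

Run against real logs, the per-host ratio separates hosts that are merely relaying bounces from those whose traffic is almost entirely null-sender probes to unknown users.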