From: Terry Carmen (terrycnysupport.com)
Date: Wed Mar 19 2008 - 11:30:09 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mike Morris wrote:
> Hi Everyone,
>
> I realize this is off topic for this list, but I'm hoping someone has
> some insight in to the issue we're seeing on our MX servers.
>
> Remote email servers matching the pattern
> [a-z]{2}-out-[0-9]{4}\.google\.com are attempting to deliver to a high
> number of non-existent email addresses in our system. More correctly,
> the percentage of attempted deliveries to non-existent email addresses
> is quite high. Roughly 75% of the email traffic from these Google.com
> servers consists of a null envelope sender address with a non-existent
> envelope recipient. In my experience this generally means backscatter
> or possibly SAV probes. Our MX servers properly reject messages to
> non-existent users, so that is not the problem. Still, the traffic is
> high enough to take notice.
>
> This appears to have begun in December of 2007. The amount of
> attempts to non-existent addresses and the number of source email
> servers increased significantly sometime in February, by a few orders
> of magnitude.
>
> Does anyone know what Google may be doing here? Could this have
> anything to do with Google's acquisition of Postini? We're still
> getting traffic from servers with the old Postini host names, like
> *.obsmtp.com, so it doesn't look like those services have been
> converted to use host names in the google.com domain. Attempts to
> contact Google have thus far gone unanswered. Any insight would be
> appreciated.
Post some maillog entries, including the IP addresses.

Anybody can say they're "whatever.google.com" What they say is
irrelevant. What matters is the reverse DNS lookup, and whois info for
the IP address.

Terry

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]