Re: [OT] Gmail Backscatter?

From: John Peach (postfixjohnpeach.com)
Date: Wed Mar 19 2008 - 12:22:21 CDT


> Hi Everyone,
>
> I realize this is off topic for this list, but I'm hoping someone has
> some insight into the issue we're seeing on our MX servers.
>
> Remote email servers matching the pattern
> [a-z]{2}-out-[0-9]{4}\.google\.com are attempting to deliver to a high
> number of non-existent email addresses in our system. More correctly,
> the percentage of attempted deliveries to non-existent email addresses
> is quite high. Roughly 75% of the email traffic from these Google.com
> servers consists of a null envelope sender address with a non-existent
> envelope recipient. In my experience this generally means backscatter
> or possibly SAV probes. Our MX servers properly reject messages to
> non-existent users, so that is not the problem. Still, the traffic is
> high enough to take notice.
>
> This appears to have begun in December of 2007. The amount of attempts
> to non-existent addresses and the number of source email servers
> increased significantly sometime in February, by a few orders of
> magnitude.
>

You've been joe-jobbed; I had a similar bunch of these for a while.
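
Added example, not part of the original thread: one way to measure the pattern described in the quoted message from Postfix smtpd logs, counting per sending host how many delivery attempts were null-sender rejects to unknown recipients. The log lines, hostnames, addresses and IPs are constructed, and counting `client=` lines as accepted attempts is an assumption about how the MX logs.

```python
import re
from collections import defaultdict

# Host pattern quoted in the original post.
GOOGLE_OUT = re.compile(r"^[a-z]{2}-out-[0-9]{4}\.google\.com$")
# Postfix smtpd log shapes: a rejected RCPT, and an accepted message (queue id + client=).
REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[[^\]]*\]: "
    r"(?P<code>\d{3}) .*?; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
ACCEPT = re.compile(r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=(?P<host>[^\[\s]+)\[")

# Constructed sample log lines (hostnames, addresses and IPs are made up).
SAMPLE_LOG = """\
Mar 19 12:00:01 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from wx-out-0506.google.com[192.0.2.10]: 550 5.1.1 <nobody1@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody1@example.org> proto=ESMTP helo=<wx-out-0506.google.com>
Mar 19 12:00:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from wx-out-0506.google.com[192.0.2.10]: 550 5.1.1 <nobody2@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody2@example.org> proto=ESMTP helo=<wx-out-0506.google.com>
Mar 19 12:00:03 mx1 postfix/smtpd[2102]: NOQUEUE: reject: RCPT from nf-out-0910.google.com[192.0.2.11]: 550 5.1.1 <nobody3@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody3@example.org> proto=ESMTP helo=<nf-out-0910.google.com>
Mar 19 12:00:04 mx1 postfix/smtpd[2102]: 3F2A11C04D: client=nf-out-0910.google.com[192.0.2.11]
Mar 19 12:00:05 mx1 postfix/smtpd[2103]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 <nobody4@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody4@example.org> proto=ESMTP helo=<mail.example.net>
"""

def backscatter_stats(log_text):
    """Per matching host: total attempts and null-sender rejects to unknown users."""
    stats = defaultdict(lambda: {"attempts": 0, "null_unknown": 0})
    for line in log_text.splitlines():
        rej = REJECT.search(line)
        m = rej or ACCEPT.search(line)
        if not m or not GOOGLE_OUT.match(m["host"]):
            continue  # not an smtpd attempt from a host matching the pattern
        entry = stats[m["host"]]
        entry["attempts"] += 1
        # Null envelope sender (from=<>) plus unknown recipient: bounce-like traffic.
        if rej and rej["sender"] == "" and "User unknown" in line:
            entry["null_unknown"] += 1
    return dict(stats)

def overall_ratio(stats):
    """Share of all counted attempts that were null-sender, unknown-recipient rejects."""
    total = sum(s["attempts"] for s in stats.values())
    hits = sum(s["null_unknown"] for s in stats.values())
    return hits / total if total else 0.0

if __name__ == "__main__":
    result = backscatter_stats(SAMPLE_LOG)
    for host, s in sorted(result.items()):
        print(host, s)
    print("ratio:", overall_ratio(result))
```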