Re: [OT] Gmail Backscatter?

From: Mike Morris (mikeopennix.com)
Date: Wed Mar 19 2008 - 13:00:42 CDT


On 03/19/2008 10:22 AM, John Peach wrote:
>> Hi Everyone,
>>
>> I realize this is off topic for this list, but I'm hoping someone has
>> some insight into the issue we're seeing on our MX servers.
>>
>> Remote email servers matching the pattern
>> [a-z]{2}-out-[0-9]{4}\.google\.com are attempting to deliver to a high
>> number of non-existent email addresses in our system. More correctly,
>> the percentage of attempted deliveries to non-existent email addresses
>> is quite high. Roughly 75% of the email traffic from these Google.com
>> servers consists of a null envelope sender address with a non-existent
>> envelope recipient. In my experience this generally means backscatter
>> or possibly SAV probes. Our MX servers properly reject messages to
>> non-existent users, so that is not the problem. Still, the traffic is
>> high enough to take notice.
>>
>> This appears to have begun in December of 2007. The number of attempts
>> to non-existent addresses and the number of source email servers
>> increased significantly sometime in February, by a few orders of
>> magnitude.
>>
>
> You've been joe-jobbed; I had a similar bunch of these for a while.
>
>

If that were true, then it would appear that Google is accepting and
then bouncing, rather than rejecting. That's what I'm hoping someone
has some information on: why the very large number of emails from Google
servers with a null envelope sender? If it were a Joe job, Google
should not be bouncing the emails, which is what this looks like.

-Mike
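
One way to measure the traffic profile described in this thread on a receiving MX, as an added example that is not part of the original messages: it counts, per client matching the quoted hostname pattern, how many delivery attempts were null-sender messages to unknown recipients. The Postfix-style log format, the function name `backscatter_share` and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Hostname pattern quoted in the thread; applied with fullmatch() so that
# lookalike names such as "xx-out-0001.google.com.example.net" are not counted.
GOOGLE_OUT = re.compile(r"[a-z]{2}-out-[0-9]{4}\.google\.com")

# Assumed Postfix-style smtpd events: an accepted message, or a RCPT reject.
ACCEPT = re.compile(r"smtpd\[\d+\]: [0-9A-F]+: client=(?P<host>[^\[\s]+)\[")
REJECT = re.compile(
    r"smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\["
    r".*?from=<(?P<sender>[^>]*)>"
)

# Constructed sample log; hosts, IPs and addresses are placeholders.
SAMPLE_LOG = """\
Mar 19 10:01:02 mx1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from xx-out-0001.google.com[192.0.2.10]: 550 5.1.1 <nobody1@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody1@example.org> proto=ESMTP helo=<xx-out-0001.google.com>
Mar 19 10:01:09 mx1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from xx-out-0001.google.com[192.0.2.10]: 550 5.1.1 <nobody2@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody2@example.org> proto=ESMTP helo=<xx-out-0001.google.com>
Mar 19 10:01:15 mx1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from xx-out-0001.google.com[192.0.2.10]: 550 5.1.1 <nobody3@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody3@example.org> proto=ESMTP helo=<xx-out-0001.google.com>
Mar 19 10:02:00 mx1 postfix/smtpd[412]: 4F1A2B3C4D: client=xx-out-0001.google.com[192.0.2.10]
Mar 19 10:03:00 mx1 postfix/smtpd[413]: 5A6B7C8D9E: client=yy-out-0002.google.com[192.0.2.11]
Mar 19 10:03:30 mx1 postfix/smtpd[413]: NOQUEUE: reject: RCPT from yy-out-0002.google.com[192.0.2.11]: 550 5.1.1 <typo@example.org>: Recipient address rejected: User unknown in local recipient table; from=<alice@example.com> to=<typo@example.org> proto=ESMTP helo=<yy-out-0002.google.com>
Mar 19 10:04:00 mx1 postfix/smtpd[414]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 <nobody4@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody4@example.org> proto=ESMTP helo=<mail.example.net>
Mar 19 10:05:00 mx1 postfix/smtpd[415]: NOQUEUE: reject: RCPT from xx-out-0001.google.com.example.net[198.51.100.8]: 550 5.1.1 <nobody5@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody5@example.org> proto=ESMTP helo=<xx-out-0001.google.com>
"""


def backscatter_share(log_text):
    """Return {host: (null_sender_unknown_rcpt, total_attempts, share)}."""
    total, suspect = Counter(), Counter()
    for line in log_text.splitlines():
        rejected = REJECT.search(line)
        match = rejected or ACCEPT.search(line)
        if not match or not GOOGLE_OUT.fullmatch(match["host"]):
            continue  # unrelated line, or a client outside the quoted pattern
        host = match["host"]
        total[host] += 1
        # Null envelope sender (from=<>) plus unknown recipient is the
        # combination the thread associates with backscatter or SAV probes.
        if rejected and rejected["sender"] == "" and "User unknown" in line:
            suspect[host] += 1
    return {h: (suspect[h], total[h], suspect[h] / total[h]) for h in total}


if __name__ == "__main__":
    for host, (bad, seen, share) in sorted(backscatter_share(SAMPLE_LOG).items()):
        print(f"{host}: {bad}/{seen} null-sender to unknown rcpt ({share:.0%})")
```

A high share confirms the profile reported in the thread; it does not by itself distinguish bounces from sender address verification probes.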