Not a Spamhaus customer, so I can't answer to that. But I've seen what you've seen from subdomains of:
.015.xn--p1acf .026.xn--p1acf .045.xn--p1acf .045.xn--p1acf .051.xn--p1acf .061.xn--p1acf .062.xn--p1acf .063.xn--p1acf .064.xn--p1acf .073.xn--p1acf .089.xn--p1acf As I didn't spot any legitimate traffic from those IPs/domains, they end up on our internal RBL with no complaints from our customers so far. Kind regards, Florian > Le 22 janv. 2025 à 15:34, Tapio Peltonen via mailop <[email protected]> a > écrit : > > Is it just me or has the volume of SPF passing spam where the sending > IP is not known by Spamhaus gone up in recent weeks? I used to get > these very infrequently, but during last few weeks I've gotten new > ones almost daily. Many of the sender addresses look legitimate, with > tlds such as .com or .net or .de, and they very much look like cases > where a spammer has got their hands on a formerly legitimate domain or > hacked the dns provider. The sending IPs' reverse records point to > very suspicious looking Chinese or Russian domains, some IDN and some > regular. > > An example of such domain is vovlink.de, where the A record and the > mail subdomain both point to 62.173.147.115, the reverse of which is > the IDN орс.051.рус (xn--n1aed.051.xn--p1acf). Because the SPF config > is "v=spf1 a mx -all" the spam passes the SPF check. > > I reached out to the abuse contact through the domain-contact.org > website and actually got a reply, but the dns config is still > unchanged and the host is still sending spam. > > Of course I block these manually when I come across them, but these > used to be very infrequent. So I wonder if this is a larger phenomenon > or is it just that some spammer has recently added my domains to the > recipient list. The vovlink.de one did also send spam to my Gmail > address, so I guess that IP has pretty hefty output volume. > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
