
Searching for Catchall Domains?

I received an odd spam this morning. It was sent to a nonsense address at one of my domains that still has the catchall enabled. The body of the message

Return-Path:
Received: from pdngvw.net (unknown [211.63.134.102])
by server1.planetmike.com (Postfix) with SMTP id 88836400001
for ; Wed, 22 Aug 2007 05:01:14 -0400 (EDT)
Received: from kgfhbaq.net ([203.90.8.251]) by pdngvw.net; Wed, 22 Aug 2007 17:59:46 +0900
From: "sg7lvlopuss3qis"
To: "jfdsncbrnzyesdthqqw"
Subject: FS XF
Date: Wed, 22 Aug 2007 17:59:17 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary= "----=_NEXTPart_QX3_HTY5_NPJ5JM3M.EOPLCRUD"
X-Priority: 3
Message-Id: <20070822090114.88836400001@-snip->
Status: O
X-UID: 3245
Content-Length: 417
X-Keywords:


Ohby

Content-Type: text/html; file="g.html"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="LKmFS.html"

The attached HTML file was actually one line of text:

[[ip.add.re.ss,,,jfdsncbrnzyesdthqqw@-snip-]]

I predict that domain will be used for falsified return addresses for a spam run sometime soon. Or, the argument could be made that domain will not be used for false return addresses.
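
A check a mail admin could run over a catch-all mailbox to spot this kind of message, as an added example that is not part of the original post: it flags mail whose attachment is a single `[[ip,,,address]]` line naming an address at one of your catch-all domains. The function name, the sample message and its example.org / 192.0.2.10 values are constructed, and reading the first field as an IPv4 address is an assumption based on the redacted `ip.add.re.ss` above.

```python
import re
from email import message_from_string

# Token shape seen in the attachment: [[<ip>,,,<address>]]
# Assumption: the first field is a dotted IPv4 address.
TOKEN = re.compile(r"^\[\[(\d{1,3}(?:\.\d{1,3}){3}),,,([^\s,\]]+@[^\s,\]]+)\]\]$")

def find_probe_token(raw_message, catchall_domains):
    """Return (ip, address) if an attachment is a single token line naming
    an address at one of our catch-all domains, else None."""
    msg = message_from_string(raw_message)
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() != "attachment":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode("ascii", "replace").strip()
        match = TOKEN.match(text)
        if not match:
            continue
        ip, addr = match.groups()
        if addr.rsplit("@", 1)[1].lower() in catchall_domains:
            return ip, addr
    return None

# Constructed sample modelled on the message above (addresses are placeholders).
SAMPLE = (
    "From: sender@example.net\n"
    "To: jfdsncbrnzyesdthqqw@example.org\n"
    "Subject: FS XF\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "Ohby\n"
    "--b1\n"
    "Content-Type: text/html\n"
    "Content-Transfer-Encoding: 7bit\n"
    'Content-Disposition: attachment; filename="LKmFS.html"\n'
    "\n"
    "[[192.0.2.10,,,jfdsncbrnzyesdthqqw@example.org]]\n"
    "--b1--\n"
)

if __name__ == "__main__":
    print(find_probe_token(SAMPLE, {"example.org"}))
```

A hit on an address that was never handed out is a reasonable cue to review whether the catch-all on that domain is still needed.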