Skip to content

Searching for Catchall Domains?

I received an odd spam this morning. It was sent to a nonsense address at one of my domains that still has the catchall enabled. The body of the message

Received: from (unknown [])
by (Postfix) with SMTP id 88836400001
for ; Wed, 22 Aug 2007 05:01:14 -0400 (EDT)
Received: from ([]) by; Wed, 22 Aug 2007 17:59:46 +0900
From: “sg7lvlopuss3qis”
To: “jfdsncbrnzyesdthqqw”
Subject: FS XF
Date: Wed, 22 Aug 2007 17:59:17 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary= “—-=_NEXTPart_QX3_HTY5_NPJ5JM3M.EOPLCRUD”
X-Priority: 3
Message-Id: <20070822090114.88836400001@-snip->
Status: O
X-UID: 3245
Content-Length: 417


Content-Type: text/html; file=”g.html”
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename=”LKmFS.html”

The attached HTML file was actually one line of text:


I predict that domain will be used for falsified return addresses for a spam run sometime soon. Or, the argument could be made that domain will not be used for false return addresses.