Zip file email attachment attacks from “R” domains

Paul — Sat, 18 Sep 2010 00:41:10 +0000

I’ve noticed a pattern in the last year or so with attack emails containing various zip files claiming any number of good reasons to open them and they all have been originating as attacks from domains starting with the letter “R”. I’ve included a list below of the suspect domains which I am currently blocking on my server. If any of these domains are valid, have your webmaster check for compromised email accounts. In the case of spoofing there’s not much that can be done, but it is a curious pattern. If you’ve seen a similar pattern, please contact me.
*@radar3000.com
*@radec.com
*@radiancy.com
*@radmusic.com
*@rahbek.com
*@ramblinexpress.com
*@ranchero.srl.ford.com
*@ranchosanandres.com
*@randyeastwood.com
*@raskrutka.com
*@raysrock.com
*@rbinc.com
*@rcacwv.com
*@rcfoster.com
*@rconestop.com
*@rcsworks.com
*@rcwm.com
*@rebekaharamini.com
*@redeye.com
*@reflomax.com
*@regerar.com
*@regionalreporting.com
*@reigjofre.com
*@relaiscavalcanti.com
*@remed.com
*@remericahometown3.com
*@remotereality.com
*@remus-online.com
*@renault-pdj.com
*@renre.com
*@rentsys.com
*@reque-gallego.com
*@resaleweekly.com
*@resgen.com
*@rettigicc.com
*@review.com
*@rgbinternet.com
*@rh.com
*@rhccmeetings.com
*@ribbitt.com
*@richardselectric.com
*@rickard.uk.com
*@riddleinternational.com
*@rightflorida.com
*@rikandvik.com
*@riverstates.com
*@rjtrucks.com
*@robertinventor.com
*@robil.com
*@robohand.com
*@rofllp.com
*@roguedisposal.com
*@ronaspharma.com
*@ronghai.com
*@rossoscarlatto.com
*@rossward.com
*@rotasign.com
*@rotem.com
*@rotortug.com
*@rotulosrodriguez.com
*@roudeau.com
*@rouit.com
*@rowbarinc.com
*@roxancoffman.com
*@roxschool.com
*@royaltyfoods.com
*@roycelyndsay.com

Spam Email Challenges

Paul — Tue, 02 Dec 2008 06:28:20 +0000

As if it wasn’t bad enough that there are spammers, sometimes the efforts taken to deal with spam actually eliminate legitimate email. There are several layers that an email has to pass through before reaching its destination and each one offers an opportunity for complication:

Server Level Filters – hosting companies often have filters set server wide which lower level tech support staff are sometimes not even aware of, and may even deny their existence.
Hosting Filters – a hosting account may have the option to enable and configure an anti-spam script such as SpamAssassin.
Antivirus – The antivirus software on an individual user’s computer may have its own anti-spam features and thresholds as default settings.
Email Client – The actual software client such as Outlook or Thunderbird may also have features for filtering and handling spam.

I prefer that all messages reach my email client – spam or otherwise, and use that software’s filtering to sort things out. One trick is to take advantage of subject line modification that may be available at each level. For example: on the hosting level add something to indicate it’s being tagged there like [*Ho*] to the subject line. Additionally the antivirus software may allow tagging of the subject line for example: [*Av*]. You can then set a filter in the email client to sort email with those subject lines automatically to the spam or trash folder. Each of these clues will give an indication of where the “offense” is taking place. Of course, if it arrives with both tags in the subject line, then you know it’s a doozy.

Pariah Design, LLC. » Email

Zip file email attachment attacks from “R” domains

Spam Email Challenges