Wondering if anyone else has seen the same situation in their environments. Our MTAs are
taking an absolute pounding (and as a result I'm not sleeping much!) from a bunch of
hosts with PTRs for domains ending in 'eas.com' (ex 'leipai168eas.com',
'attractive7eas.com', 'theevermoreseas.com', 'bajasouleas.com').
All the domains seem to be registered through Melbourne IT to random gmail addresses
(which themselves look spammy!) and using cloudns nameservers.
There has also been a noted increase in traffic from other domains, but this one stood out
to me as a pattern.
We've got mitigations in play, but I'd still be interested to see if anyone else
was experiencing any noise.
Show replies by date