This is a post regarding a trend I am noticing on incoming spam hitting our server.
I am noticing as I look through the headers of spam emails (oh you know the Amex needs to update its information, Contact UK bank for lottery etc..) that a lot of these messages appear to originate from US servers. What I do is look through the headers and check the ip’s of received by. If they are out of the country, depending on which country, I blacklist the ip from sending emails. (I also use spam assassin training and RBL checking).
As I look through, if it is a yahoo or gmail or comcast compromised account, then I cannot block as any of our customers may have those addresses. However thats not what I am seeing. I am seeing header information that looks like servers are either compromised or are legitimately sending spam. Or spoofed.
So to the question:
1. Is anyone else seeing this? I have been viewing these trends for 3+years at my current job and this is the most I have seen of this.
2. How do you determine if the header information is “spoofed”? Are email headers fool prrof?
There have been times over the years where I reached out to admins of some of these US servers, but have never had anyone respond. Maybe they thought my email was spam? 🙂