I just noticed a tidal wave of mails coming from sales@$randomdomain.tld on a
couple of mail relays I manage.
All these mails are obviously spam messages. But they seem to have something in
common besides the sales@. They either have no MX record, which is great because
callouts just detect these spams, or they all have MX pointing to
mail.$randomdomain.tld, which point to the same IP.
Here are a few samples.
# nslookup
Name: mail.ruedesabbeysses.com
Address: 72.232.95.68
Name: mail.randyschuckman.com
Address: 72.232.95.68
Name: mail.promosinternational.com
Address: 72.232.95.68
Name: mail.primerentalstore.com
Address: 72.232.95.68
Name: mail.prcfoods.com
Address: 72.232.95.68
So it would be almost trivial to block these spams with a dnsdb ACL call to the
MX. But there should be a "blacklist" to match the addresses. Does anybody know
of such a blacklist, or is it a great opportunity to create one?
Also, what are your opinions about this kind of filtering?
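
The check proposed above (resolve the sender domain's MX, then match the MX address against a local list), sketched in Python as an added example that is not part of the original post. DNS is replaced by constructed in-memory tables so it runs offline; the example.org and example.net entries, the function names and the blocklist variable are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline. The mail.* names and
# 72.232.95.68 are samples from the post; example.org/example.net data is made up.
MX = {
    "ruedesabbeysses.com": ["mail.ruedesabbeysses.com"],
    "prcfoods.com": ["mail.prcfoods.com"],
    "example.org": ["mx1.example.org", "mx2.example.org"],
}
A = {
    "mail.ruedesabbeysses.com": ["72.232.95.68"],
    "mail.prcfoods.com": ["72.232.95.68"],
    "mx1.example.org": ["192.0.2.10"],
    "mx2.example.org": ["192.0.2.11"],
    "nomx.example.net": ["192.0.2.20"],
}

# Local blocklist of MX target addresses; entries may be single IPs or CIDR ranges.
BLOCKED_MX_NETS = [ipaddress.ip_network("72.232.95.68/32")]


def mx_addresses(domain, mx=MX, a=A):
    """Return the IPs that would receive mail for the domain.

    With no MX record the domain's own A record is used (implicit MX, RFC 5321).
    """
    hosts = mx.get(domain.lower()) or [domain.lower()]
    return [ipaddress.ip_address(ip) for h in hosts for ip in a.get(h.lower(), [])]


def check_sender(address, blocked=BLOCKED_MX_NETS):
    """Classify an envelope sender as 'reject', 'unresolvable' or 'accept'."""
    domain = address.rsplit("@", 1)[-1]
    ips = mx_addresses(domain)
    if not ips:
        return "unresolvable"  # no MX and no A: the case callouts already catch
    if any(ip in net for ip in ips for net in blocked):
        return "reject"        # at least one MX target is on the blocklist
    return "accept"


if __name__ == "__main__":
    for sender in ("sales@prcfoods.com", "sales@example.org", "sales@nodns.invalid"):
        print(sender, check_sender(sender))
```

Rejecting when any single MX target matches is the strict choice; a domain that shares one listed host with legitimate MXs would also be rejected.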