Tuesday, January 18, 2011

1st Known Spamming from the "Cloud"

Ehlo All,

This is my 1st confirmed spam (mid 2010) I have ever seen come from the "Cloud". The "winner" of this honor goes to Amazon. Congratulations (sarcasm). According to my latest research, Amazon still does not allow PTR (rDNS) records, which are typically required/strongly recommended to avoid outbound email being labeled as spam. How do the many mail servers running on Amazon's Cloud handle it? They relay their email from Amazon's environment onto another host (e.g. authsmtp, google "smtp relay service", etc.) and then the other service forwards it.

Background on me
I see a LOT of spam since my firm handles filtering for most of our clients via our geographically diverse clustered anti-spam/virus/DoS solution. Our clients on an average day get a total of about 300-400k connections a day (spam/real). This provides me a lot of experience/exposure with spam filtering. If you are wondering why we run our own systems it is because it offers more flexibility, significantly lower latency for email messages (aka delay), and faster response than the big guys.


View from my Spam Filtering Solution which Quarantines Suspect Email Like This.

Spam Header Details
Received: from mm-notify-out-209-61.amazon.com (mm-notify-out-209-61.amazon.com [72.21.209.61])
    by mail.rbkgroup.com with ESMTP id 67cz6639988tcu.19.20100625083501;
    Fri, 25 Jun 2010 11:35:01 +0200
Date: Fri, 25 Jun 2010 11:35:01 +0200
X-Barracuda-BBL-IP: 72.21.209.61
X-Barracuda-RBL-IP: 72.21.209.61
From: "Buy.com"
Reply-To: Nobody
To:
Message-ID: <02630844.67618272250016768122.JavaMail.em-build@na-mm-relay.amazon.com>
Subject: Thanks for your order!
X-AMAZON-CLIENT-HOST: digital-docs-dope-5002.iad5.amazon.com
X-ASG-Orig-Subj: Thanks for your order!
Bounces-to: 20100625083501q4b3332ggg949lm9p0629fm7g208en6r@bounces.amazon.com
X-AMAZON-CLIENT-SENDTIME: Fri, 25 Jun 2010 11:35:01 +0200
X-AMAZON-MAIL-RELAY-TYPE: notification
X-AMAZON-RTE-VERSION: 2.0
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
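
A filter-side check over the headers above, as an added example (not code from this post or from the filtering product): it pulls the connecting host and IP out of the Received line and compares the relay's domain with the domain-like display name in From and with the Message-ID domain. The function names and flag strings are made up for illustration, and it assumes the usual `from HELO (rDNS [IP])` Received layout.

```python
import re
from email import message_from_string

# Headers copied from the quarantined message above. The From address is
# already missing on the page, so only the display name is present here.
RAW = (
    'Received: from mm-notify-out-209-61.amazon.com'
    ' (mm-notify-out-209-61.amazon.com [72.21.209.61])\n'
    '\tby mail.rbkgroup.com with ESMTP id 67cz6639988tcu.19.20100625083501;\n'
    '\tFri, 25 Jun 2010 11:35:01 +0200\n'
    'From: "Buy.com"\n'
    'Message-ID: <02630844.67618272250016768122.JavaMail.em-build@na-mm-relay.amazon.com>\n'
    'Subject: Thanks for your order!\n'
    '\n'
)

# Assumed Received layout: from <HELO name> (<name recorded for the IP> [<IP>])
HOP_RE = re.compile(
    r'from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)')
FROM_RE = re.compile(r'\s*"?([^"<]*?)"?\s*(?:<([^>]*)>)?\s*$')
HOSTNAME_RE = re.compile(r'^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$')


def base_domain(host):
    """Naive registrable domain (last two labels); fine for .com, not .co.uk."""
    return '.'.join(host.lower().rstrip('.').split('.')[-2:])


def triage(raw):
    """Return (facts, flags) for the Received hop and the sender headers."""
    msg = message_from_string(raw)
    # Unfold the header (continuation lines) before matching.
    hop = HOP_RE.search(' '.join(msg.get('Received', '').split()))
    if hop is None:
        return {}, ['unparseable_received']
    facts = {'ip': hop['ip'], 'relay': base_domain(hop['rdns'])}
    flags = []
    if hop['helo'].lower() != hop['rdns'].lower():
        flags.append('helo_differs_from_rdns')
    m = FROM_RE.match(msg.get('From', ''))
    display = m.group(1) if m else ''
    # A display name that is itself a hostname should belong to the relay.
    if HOSTNAME_RE.match(display) and base_domain(display) != facts['relay']:
        flags.append('display_name_domain_differs_from_relay')
    msgid = msg.get('Message-ID', '').strip('<> ')
    facts['msgid_domain'] = base_domain(msgid.rpartition('@')[2]) if '@' in msgid else None
    if facts['msgid_domain'] and facts['msgid_domain'] != facts['relay']:
        flags.append('msgid_domain_differs_from_relay')
    return facts, flags
```

On the message above, `triage(RAW)` reports the relay and Message-ID domains as amazon.com and raises only the display-name flag, since "Buy.com" is not the domain that handed over the mail.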


--------------------------------------------

Any questions, let me know.
-Ben
