Hi,
I have just had <edited> (173.0.84.226) removed from the sorbs spam list.
It was added as it was found to be sending spam to a sorbs spam honeypot.
This is from sorbs:
In order to assist you in identifying the source of the spam, I've attached the headers for the most recent occurrence. This may point to a compromised or unsecure mail account or mail server, or a computer infected with a spambot, among other possibilities. Please feel free to open a new request should any of your IPs become listed again. Headers: Return-Path: <[Email Address]> Received: from [Host/Domain Hidden] ([Host/Domain Hidden] [173.0.84.226]) by [Host/Domain Hidden] (Postfix) with ESMTP id 43E981E3E325 for <[Email Address]>; Sun, 19 Apr 2020 09:36:14 -0400 (EDT) DKIM-Signature: [Hidden] Date: Sun, 19 Apr 2020 06:36:13 -0700 Message-Id: <edited>[Host/Domain Hidden]> AMQ-Delivery-Message-Id: EMAILDELIVERY-Notification_EmailDeliveryEvent-226-1587303366456-1943476145 PP-Correlation-Id: 876d6ed35b5f3 Subject: Your purchase from Maxest Co.,Ltd To: Joy Bowler <[Email Address]> From: "[Email Address]" <[Email Address]> Content-Type: multipart/alternative; boundary=--NextPart_048F8BC8A2197DE2036A MIME-Version: 1.0 -- Thank You, SORBS Technical Support
Was there a security breach on the paypal e-mail servers, or has the mx server ip address recently changed to what used to be a spam sender and the previous server at that address was compromised?
Is paypal missing any monitoring of their e-mail mx addresses to see if they have been blacklisted?
Anybody have any ideas?
Thanks.
... View more