Question

I wrote an SMTP app as an experiment. It saves everything it gets and doesn't validate the To address. I forgot I left it running, and when I went back to turn it off I noticed all these header-only emails, or headers and a weird string for a message. I assume it's something to do with spam, so I'm curious about what they hope to accomplish by sending these emails.

Examples follow, separated by a row of equal signs. The domain and IP address have been changed.

From: "xuyns@example.com" <xuyns@example.com>
Subject: 174.143.203.1*example.com,25,root,info,,-SMTP-PX2838E
To: dfudxf@163.com
Date: Thu, 4 Nov 2010 04:10:09 +0800

WUIG5707438Q##root#*info##174&143&203&1*example&com##OSKO6304118L

====================================

Received: from o5x.fgeie.net ([116.82.135.197]) by 174.143.203.117 with ESMTP id 2E6CA8FA3BD; Thu, 04 Nov 2010 19:12:25 -0300
Message-ID: <zezmem0j1jl0-q8$-8ejk55$-0k@3kq5ms.b3nmak0>
From: "" <z2007tw@yahoo.com.tw>
To: <vkihwpdh@yahoo.com.tw>
Subject: BC_174.143.203.1
Date: Thu, 04 Nov 10 19:12:25 GMT
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_000D_01C2CC60.49F4EC70"

Solution

I know this is an old question, but what those emails indicate is a probe to determine whether your server is an open relay. If the intended address receives the message, more spam will flood your mail server.

Several signatures exist for open mail relay probes.

  1. Single recipient (most spam is sent with multiple)
  2. IP address of your server in the subject line of the email
  3. IP address encoded or in hex format in the body
  4. Message size under 1024 bytes
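As an added illustration (not part of the answer above), here are those four signatures as a small Python check. It assumes the server's own address (`SERVER_IP`) and a sample message constructed from the first example in the question; it also goes slightly beyond the answer by matching the IP with its dots swapped for any other separator, as in the quoted body, and in hex form.

```python
import re
from email import message_from_string

SERVER_IP = "174.143.203.1"  # assumed: the relay's own public address

# Constructed sample, modelled on the first message quoted in the question.
SAMPLE = """From: "xuyns@example.com" <xuyns@example.com>
Subject: 174.143.203.1*example.com,25,root,info,,-SMTP-PX2838E
To: dfudxf@163.com
Date: Thu, 4 Nov 2010 04:10:09 +0800

WUIG5707438Q##root#*info##174&143&203&1*example&com##OSKO6304118L
"""


def ip_patterns(ip: str) -> list:
    """Regexes for the IP written plainly, with any separator, or as hex."""
    octets = ip.split(".")
    dotted = re.escape(ip)
    # dots replaced by any single non-alphanumeric character (e.g. 174&143&203&1)
    separated = r"\W".join(re.escape(o) for o in octets)
    hexed = "".join(f"{int(o):02X}" for o in octets)  # 174.143.203.1 -> AE8FCB01
    return [re.compile(p, re.IGNORECASE) for p in (dotted, separated, hexed)]


def relay_probe_score(raw: str, server_ip: str = SERVER_IP) -> dict:
    """Evaluate the four open-relay probe signatures against one raw message."""
    msg = message_from_string(raw)
    recipients = [a for h in ("To", "Cc", "Bcc") for a in msg.get_all(h, [])]
    recipient_count = sum(len(a.split(",")) for a in recipients)
    subject = msg.get("Subject", "")
    if msg.is_multipart():
        body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    else:
        body = msg.get_payload()
    pats = ip_patterns(server_ip)
    return {
        "single_recipient": recipient_count == 1,
        "ip_in_subject": any(p.search(subject) for p in pats),
        "ip_in_body": any(p.search(body) for p in pats),
        "small_message": len(raw.encode()) < 1024,
    }


def is_probable_relay_probe(raw: str, server_ip: str = SERVER_IP) -> bool:
    """Flag a message that matches at least three of the four signatures."""
    return sum(relay_probe_score(raw, server_ip).values()) >= 3
```

Run this over each message your test server stored to see which ones are probes; a hit means the sender is waiting to learn whether the message reached the outside address.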
Licensed under: CC-BY-SA with attribution