Back to Community Threads
Going to war against the free-stuff spammers
Problem reported by Douglas Foster - 10/29/2025 at 12:38 PM
Submitted
D
Here is how I am taking on the free-stuff attackers:
1) detect another source domain
2) look up the IP address on ipinfo.io to get the abuse reporting address
3) Copy and paste to quickly create an email to the abuse reporting address
Subject: Abuse from client <domain> on <ipaddress>
Body:
You have a client that is part of a world-wide attack system, using fraudulent offers of free stuff from well-known brands.   The attacker is smart enough to use locally-relevant brand names.   We  have blocked tousands of these attacks from many different sources, so I suspect a nation-state actor.   Now you have become part of the problem as well.

The message is thoroughly authenticated to the attack domain, producing SPF PASS, DKIM PASS, and DMARC PASS.   The Helo name is also verifiable with forward-confirmed DNS.  Unfortunately, they have many attack domains at their disposal, so domain reputation is unknown.

Message headers appear below my signature
<signature>
<Message headers, after removing headers inserted by my filtering software>
4) Send the message

It only takes a minute, and it gives the bad guys one less hosting service to exploit.   Hopefully it causes the hosting services to vet their clients more carefully.
Derek Curtis Replied
10/29/2025 at 2:34 PM
Employee Post
These are really nice posts, Douglas. I'm sure others appreciate you sharing your insights. 
Derek Curtis
CCO
SmarterTools Inc.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
My spool is full of pending messages. What do I do?SmarterMail > Troubleshooting
Migrating SmarterMail to LinuxSmarterMail > Server Configuration and Management
SmarterTools Licensing InformationGeneral Topics
Messages from Trusted Senders are going to my Junk folderSmarterMail > Troubleshooting