Hi All,
Wondering if anyone else has seen the same situation in their environments. Our MTAs are taking an absolute pounding (and as a result I’m not sleeping much!) from a bunch of hosts with PTRs for domains ending in ‘eas.com’ (ex ‘leipai168eas.com’,
‘attractive7eas.com’, ‘theevermoreseas.com’, ‘bajasouleas.com’).
All the domains seem to be registered through Melbourne IT to random gmail addresses (which themselves look spammy!) and using cloudns nameservers.
There has also been a noted increase in traffic from other domains, but this one stood out to me as a pattern.
We’ve got mitigations in play, but I’d still be interested to see if anyone else was experiencing any noise.
Cheers,
Cam