MAPS Blacklisted? It's True!

If this isn't proof that it can happen to anyone, I don't know what is: Apparently MAPS has a compromised computer, found to be sending spam, and that IP address is now blacklisted.

A recent post to the SPAM-L discussion list tipped me off. Someone there noted hits in their maillog from August 15th, suggesting that 168.61.10.155 connected to their mail server, forged an unrelated domain in the envelope sender, and tried to send a message with a subject of “Movie-quality e-card.” Reliable sources suggest that this is an indication of a “Storm” infected desktop.

Secure Computing's TrustedSource Research Portal indicates that traffic from this IP address was first seen back in March. According to that site, the current reputation of this IP address is “Malicious.”

The EmailStuff DNSBL lookup indicates that this IP address is listed on the following blacklists as of August 19th, 2007: CBL, Spamhaus XBL, and SORBS web.
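A lookup like the one above can be reproduced with plain DNS queries. The following is an added example, not part of the original post or of the EmailStuff tool. The zone names for the three lists and the sample answers are assumptions supplied here, and the sample answers are constructed so that the check runs offline.

```python
import ipaddress
import socket

# DNS zones for the three lists the post names (zone names are not on the page).
ZONES = {
    "CBL": "cbl.abuseat.org",
    "Spamhaus XBL": "xbl.spamhaus.org",
    "SORBS web": "web.dnsbl.sorbs.net",
}

def dnsbl_query_name(ip, zone):
    """168.61.10.155 + xbl.spamhaus.org -> 155.10.61.168.xbl.spamhaus.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Interpret DNSBL answers as 'listed', 'not listed' or 'error'."""
    codes = [ipaddress.IPv4Address(a) for a in answers]
    # Spamhaus answers 127.255.255.x when it refused the query, not for a listing.
    if any(c in ipaddress.ip_network("127.255.255.0/24") for c in codes):
        return "error"
    # Genuine listings are return codes inside 127.0.0.0/8; anything else
    # (for example a resolver that rewrites NXDOMAIN) is not a listing.
    if any(c in ipaddress.ip_network("127.0.0.0/8") for c in codes):
        return "listed"
    return "not listed"

def check_ip(ip, resolver=system_resolver):
    """Check one IPv4 address against every zone in ZONES."""
    return {name: classify(resolver(dnsbl_query_name(ip, zone)))
            for name, zone in ZONES.items()}

if __name__ == "__main__":
    # Constructed answers standing in for live DNS, so this runs offline.
    fake = {
        "155.10.61.168.cbl.abuseat.org": ["127.0.0.2"],
        "155.10.61.168.xbl.spamhaus.org": ["127.0.0.4"],
        "155.10.61.168.web.dnsbl.sorbs.net": ["127.0.0.7"],
    }
    print(check_ip("168.61.10.155", resolver=lambda n: fake.get(n, [])))
```

Calling `check_ip` without a `resolver` argument queries live DNS through the system resolver; some lists refuse queries that arrive via large public resolvers, which is the case the "error" result covers.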

The IP address 168.61.10.155 maps to the FQDN (fully qualified domain name) SJC-Office-DHCP-155.Mail-Abuse.ORG, suggesting that this is a DHCP-assigned IP address in a San Jose office of MAPS (the Mail Abuse Protection System).

Way back about a hundred years ago (okay, about seven years ago), I worked for MAPS. Back then, they were the most feared anti-spam blacklist around. Find yourself on the wrong end of the listing, and 40% of your mail would likely be rejected, because so many internet mail servers around the world utilized the MAPS blacklists.

Since then, many things have changed. The MAPS lists went from free to for-pay usage. MAPS itself went through layoffs and multiple asset transfers. Nowadays, the MAPS data seems to be a component of commercial products available from Trend Micro.
