Black List Incident - finding the appropiate solution

Forum|Forum|10 years ago
January 22, 2016
2 replies
1780 views

We've recently been black listed for hitting a spam trap. The probem is that I don't understand the description very well:

Type: Project Honey Pot IPs Engaged In Dictionary Attacks On Your Network: 199.15.214.49 (D) Mon, 18 Jan 2016 10:19PM PST Dictionary-Attack-Username: puk Mon, 18 Jan 2016 10:19PM PST Dictionary-Attack-Username: jb

Can someone help me understand what: Dictionary-Attack-Username: puk and Dictionary-Attack-Username: jb mean?

How can I solve this efficiently, and where to look at?

I'd like to mention that following the Best practices in this case does not help me very much.

Kind regards,

Mihai

Marketo

A

Anonymous

I believe this means you are using the email dictionary from the domain to email people who have not opted in to your email campaign

Josh_Hill13

Level 10

So this would be a guessing algorithm or a list that was scraped or interpolated?

I would call Support or the Deliverability Team because if this is a shared IP, then you may not be responsible for this and they can move you to another IP.

SanfordWhiteman

Level 10

Mihai, a dictionary attack is when a server attempts to send mail to a list of common and/or short usernames in the expectation that as "OG addresses" they are likely to exist. For example, here your Marketo IP was used to send mail to jb@example.com and puk@example.com (it could also be two different domains) where the mail server for those domain(s) is a honeypot, a.k.a. a server used by the spamfighting organization Project Honeypot specifically to catch spammers. Even if those addresses exist, anyone using them is considered malicious. This is a common problem with purchased lists, which are polluted with addresses that, while extant, are actually gathered from honeypots.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded