microburst spamming


1 reply to this topic

#1 Kevin Goebel

  • Members
  • 21 posts

Posted 21 October 2019 - 11:30 AM

We're getting hit with "microburst" spamming. We get spammed with a topic, but using several subject lines (i.e. gift cards: "get a free giftcard", "here is your gift card"), from 2 or 3 domains at the same time, and 2 or 3 addresses within each domain. We get between 30 and 50 spams from each domain (staying under our rate control limit). They have been scoring at 4.4 - 4.5, and we have too many legitimate e-mails scoring that high to lower our block setting to that.

I put some domain filter blocks into our Barracuda 600 as a test, but so far, they haven't been repeating. I checked the source IPs and they are from all over Europe and the US.
The payload is a link that changes with each domain change, i.e.:
www.jennyshibetti.com/more-info/0153850337758344/index/info
www.learnritedrivingschool.com/more-info/0164985450030167/index/info
www.ggitrinidad.com/more-info/01272869229675120/index/info

By the time our Barracuda 600 finds them in the log, they have stopped and switched to different domains, topics, servers, and keywords. The spammer started October 9th, seems to hack from 9:30am to 3:30pm (Central Time), and doesn't appear to work on USA weekends.

Has anyone run into this type of attack and found a way to block the bulk of the spam?

Would anyone using the cloud version know if it catches this type of spam?

Thanks,

Kevin
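Added example, not part of the original posts and not Barracuda code: the three links quoted above differ in host and numeric ID but share one path layout, so a log review can group URLs by path shape instead of by domain. The sender domains, subjects, the 6-digit cutoff and the `min_hosts` threshold are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample messages: (sender_domain, subject, body). Sender domains and
# subjects are made up; the three campaign URLs are the ones quoted in the post.
SAMPLE = [
    ("promo-a.example", "get a free giftcard",
     "Claim it: www.jennyshibetti.com/more-info/0153850337758344/index/info"),
    ("promo-b.example", "here is your gift card",
     "Click www.learnritedrivingschool.com/more-info/0164985450030167/index/info"),
    ("promo-c.example", "get a free giftcard",
     "Go to www.ggitrinidad.com/more-info/01272869229675120/index/info today"),
    # Legitimate mail: a long numeric ID, but only ever seen on one host.
    ("shop.example", "Your order", "Track: shop.example/order/20191021001/status"),
    ("news.example", "October news", "Read https://news.example/2019/10/update"),
]

URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(/[^\s\"'<>]*)", re.I)
TOKEN = "<D>"  # placeholder for the per-message digit run (assumed >= 6 digits)


def path_shape(path):
    """Collapse long digit runs so URLs differing only by ID share one shape."""
    return re.sub(r"\d{6,}", TOKEN, path.lower())


def find_rotating_campaigns(messages, min_hosts=2):
    """Return {path shape: sorted hosts} for shapes seen on >= min_hosts hosts."""
    hosts_by_shape = defaultdict(set)
    for _sender, _subject, body in messages:
        for host, path in URL_RE.findall(body):
            shape = path_shape(path)
            if TOKEN in shape:  # only paths carrying a rotating ID
                hosts_by_shape[shape].add(host.lower())
    return {s: sorted(h) for s, h in hosts_by_shape.items() if len(h) >= min_hosts}


def shape_to_regex(shape):
    """Turn a shape into a host-independent regex for a body/URL content rule."""
    return re.escape(shape).replace(re.escape(TOKEN), r"\d{6,}")


def shape_matches(shape, text):
    """True if text contains a URL path of this shape, whatever the host."""
    return re.search(shape_to_regex(shape), text) is not None


if __name__ == "__main__":
    for shape, hosts in find_rotating_campaigns(SAMPLE).items():
        print(shape_to_regex(shape), "seen on", hosts)
```
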

#2 Michelle Exner


    BSF / BESS Moderator

  • Moderators
  • 387 posts

Posted 21 October 2019 - 01:59 PM

On the Barracuda Email Security Gateway, you can set up and use the Bayesian service, which, when used correctly, will score mail you designate as not spam lower and mail you designate as spam higher, allowing your spam scoring system to work better. I recommend you read this completely before starting to use Bayesian:

https://campus.barra...GiArq2Wkib&so=4

On the Barracuda Email Security Service (cloud service), one of the advantages is that we see attacks across the service as a whole. So while your unit is seeing a few messages at a time to one domain, the cloud service can see this attack hitting hundreds or thousands of domains at the same time and will classify this mail as suspicious, which will often see this attack stopped rather quickly.

There are several advantages to the cloud service, and its seeing all incoming mail to all customers in a particular region, allowing it to find and block spam attacks much faster than on the hardware unit, is one of them.

Sincerely,

Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300