As a new trojan heads around the world attacking phones to use them to send spam, it is surprising that cel networks don’t lock down port 25 as well. Cel phones are roaming devices typically, and should use port 587 to send email, but it is surprising how much spam originates from phones themselves, probably without the person knowing (other than they seem to use a lot of data, oh could that be why it isn’t locked down 😉
Todays’s spam of the day was a broken botnet, with an rDNS of “Received: from mobile-166-176-57-15.mycingular.net (HELO smtp.example.com) (18.104.22.168)”
Looks like it is a Windows phone, but the bot isn’t correctly configured, as it sends commands in the wrong order, so most spam filters can stop it quite easily, “SUBJECT: PCB Electronic (USA) Mfr needs Rep” “X-Mailer: Rapid-Emailer”
They send with a MAIL FROM: like.. Return-Path: , and while @mailbolt.com does have an SPF record, “v=spf1 include:spf.messagingengine.com ?all” (not too helpful) the real issue is allowing dynamic devices in the IoT (Internet of Things) to send out ANY of this painful traffic to everyone. Same goes with all of the South American ISP’s that recently were part of a very large botnet.. Simply put EGRESS filtering on port 25 for all dynamic space, and do the world a favour.