Black List Incident - finding the appropiate solution

Highlighted
Level 3

Black List Incident - finding the appropiate solution

We've recently been black listed for hitting a spam trap. The probem is that I don't understand the description very well:

Type: Project Honey Pot IPs Engaged In Dictionary Attacks On Your Network: 199.15.214.49 (D) Mon, 18 Jan 2016 10:19PM PST Dictionary-Attack-Username: puk Mon, 18 Jan 2016 10:19PM PST Dictionary-Attack-Username: jb

Can someone help me understand what: Dictionary-Attack-Username: puk and Dictionary-Attack-Username: jb mean?

How can I solve this efficiently, and where to look at?

I'd like to mention that following the Best practices in this case does not help me very much.

Kind regards,

Mihai

3 REPLIES 3
Highlighted
Anonymous
Not applicable

Re: Black List Incident - finding the appropiate solution

I believe this means you are using the email dictionary from the domain to  email people who have not opted in to your email campaign

Highlighted
Level 10 - Champion Alumni

Re: Black List Incident - finding the appropiate solution

So this would be a guessing algorithm or a list that was scraped or interpolated?

I would call Support or the Deliverability Team because if this is a shared IP, then you may not be responsible for this and they can move you to another IP.

Highlighted
Level 10 - Community Moderator

Re: Black List Incident - finding the appropiate solution

Mihai, a dictionary attack is when a server attempts to send mail to a list of common and/or short usernames in the expectation that as "OG addresses" they are likely to exist.  For example, here your Marketo IP was used to send mail to jb@example.com and puk@example.com (it could also be two different domains) where the mail server for those domain(s) is a honeypot, a.k.a. a server used by the spamfighting organization Project Honeypot specifically to catch spammers.  Even if those addresses exist, anyone using them is considered malicious.  This is a common problem with purchased lists, which are polluted with addresses that, while extant, are actually gathered from honeypots.