hello,<p>in the last few years i've been observing a recurring pattern on my mail-server system (SMTP):<p>every now & then, it gets "flooded" by lots and lots of invalid delivery-attempts for at least multiple days up to multiple weeks at a time with the following characteristics:<p># low number of delivery-attempts - only one about every 10 seconds<p># with <i>a lot</i> of recipients for each single delivery - hitting the max recipient limit of the system<p># originating from random ipv4-addresses<p># the delivery uses random but "valid"-looking source-addresses<p># targeting valid domains on the mail-system itself<p># but using random / invalid (!) recipient-addresses - eg. the "local" part<p>don't get me wrong, i'm not looking for "technical advice", i'm more than capable of handling such let's call it "minor annoyances" all by myself.<p>but i have been asking myself the following questions for several years now:<p>what is the "rationale" behind this!?<p>what's the "object" for people doing this!?<p>eg. what's the "gain" or the "business-proposal" in doing this!?<p>any ideas!?<p>cheers!! :))<p>ps. sure ... the first idea would be: DDOS, but the frequency of the delivery-attempts is not even close to achieving anything like that ... even if my server-system were based on some older raspberry pis it wouldn't have much impact ;))
There are a lot of services that "guess" valid email addresses for a given business contact. (Think: I have a B2B decision maker's LinkedIn contact info, and I want to cold-email them. What could be their email address?) Think Kitt AI or Rocket Reach. There are also "email validators" that check if your email list is still good.
Sounds like they're just trying to brute force addresses. Sometimes their guesses will hit a valid address. And in those cases they can tell from the server's response, and can then harvest the address.<p>If the addresses in the probe fit certain patterns, the mail server can have rules to look for those and black hole the host.
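As an added example (not code from any poster in this thread), one way to spot the probing described above is to count distinct unknown-recipient rejections per client in the SMTP log. The log format is modeled on Postfix smtpd reject lines, and the sample lines, addresses and the `min_rejects` threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Matches unknown-recipient rejections; format modeled on Postfix smtpd
# reject logging (an assumption, adapt the pattern to your MTA).
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: 550 5\.1\.1 <([^>]+)>")

def find_harvesters(lines, min_rejects=5):
    """Return {client_ip: sorted rejected recipients} for clients that hit at
    least min_rejects distinct unknown recipients (hypothetical threshold)."""
    rejected = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            ip, rcpt = m.groups()
            rejected[ip].add(rcpt.lower())
    # A single delivery that fills the recipient limit with invalid local
    # parts crosses the threshold even if the source IP is never seen again.
    return {ip: sorted(r) for ip, r in rejected.items() if len(r) >= min_rejects}

def _sample_line(ip, rcpt):
    # Constructed log line, not captured from a real server.
    return (f"Jan 10 03:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; to=<{rcpt}> proto=ESMTP")

SAMPLE_LOG = (
    # One probing client: many guessed local parts at a valid domain.
    [_sample_line("203.0.113.7", f"{lp}@example.org")
     for lp in ("qzxv", "jsmith", "j.smith", "john.smith", "smithj", "info1")]
    # One ordinary sender with a single mistyped recipient.
    + [_sample_line("198.51.100.20", "alcie@example.org")]
    # A line that is not a rejection and must be ignored.
    + ["Jan 10 03:00:09 mx postfix/smtpd[811]: disconnect from unknown[203.0.113.7]"]
)

if __name__ == "__main__":
    for ip, rcpts in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} unknown recipients -> candidate for blocking")
```

The returned addresses can feed whatever blocking mechanism the server already uses; the single-typo sender stays below the threshold and is left alone.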