The spammers appear to be hacking Comcast using IPv6

Here is an email that is clearly spam. The mail arrives via IPv6 to Comcast. The source IPv6 name that is used is "nj2mta-120.sailthru.com". Now the spammer (thenextweb.com) also dumps some extra headers into the email that don't appear to be related to the activity today. I have tried to get Comcast to address this, but the tech assigned didn't seem to understand that this wasn't related to my "home network" and was related to "Comcast mail infrastructure".

I am able to block these guys by searching for "nj2mta-120.sailthru.com" in the mail header and sending it to the junk folder in Outlook.

If only Comcast could fix this problem instead of leaving the hole open for any spammer with an IPv6 connection and the chops to exploit the issue. Now sailthru.com is a spammer of some skill. They use MailChimp and I am going to be talking to them about this.

Below is the source of the email from the Xfinity email web portal. The only thing I changed was that I replaced my userid with "<myaccount>". Nothing else was changed.

Return-Path: <>
Delivered-To: <myaccount>@comcast.net
Received: from dovdir1-asb-07o.email.comcast.net ([69.252.207.50])
 by dovback1-asb-07o.email.comcast.net with LMTP id WIGVDtfbNlyzOwAAzePVVA
 for <<myaccount>@comcast.net>; Thu, 10 Jan 2019 05:44:55 +0000
Received: from dovpxy-asb-05o.email.comcast.net ([69.252.207.50])
 by dovdir1-asb-07o.email.comcast.net with LMTP id qJpeDtfbNlwHfgAA9sQwew
 ; Thu, 10 Jan 2019 05:44:55 +0000
Received: from resimta-ch2-31v.sys.comcast.net ([69.252.207.50])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by dovpxy-asb-05o.email.comcast.net with LMTP id 0P/0CNfbNlwRDQAAokVXmw
 ; Thu, 10 Jan 2019 05:44:55 +0000
Received: from nj2mta-120.sailthru.com ([IPv6:2a0d:1dc3:5600:3856:3676:5862:2839:3427])
 by resimta-ch2-31v.sys.comcast.net with ESMTP
 id hT8xgZQnvSKOthT9CgS4V1; Thu, 10 Jan 2019 05:44:54 +0000
X-CAA-SPAM: F00000
X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedtledrfedvgdekjecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucevohhmtggrshhtqdftvghsihenuceurghilhhouhhtmecufedttdenucgoufhprghmjfgurhculdeftddtmdenucfjughrpefuhfhrvfffkffojehpjfgtggesrgdttderredtjeenucfhrhhomhepjghumhhmhicuifhumhhmhihsuceofhhpohhsthhlvgestghomhgtrghsthdrnhgvtheqnecukfhppedvrgdtugemudgutgefmeehiedttdemfeekheeimeefieejieemheekiedvmedvkeefleemfeegvdejpddvtdehrddvtddurdduvdelrdehfeenucfrrghrrghmpehhvghlohepnhhjvdhmthgrqdduvddtrdhsrghilhhthhhruhdrtghomhdpihhnvghtpedvrgdtugemudgutgefmeehiedttdemfeekheeimeefieejieemheekiedvmedvkeefleemfeegvdejpdhrtghpthhtohepfhhpohhsthhlvgestghomhgtrghsthdrnhgvthdphhgvlhhopegvmhgrihhluddrthhhvghnvgigthifvggsrdgtohhmpdhinhgvthepvddthedrvddtuddruddvledrheefpdhmrghilhhfrhhomhepsghouhhntggvqdhmtgdruhhsudgpiedvheehjedrvdejiedvhedqtghhrghmphgrghhnvghthhhrihhtvggvnheptghomhgtrghsthdrnhgvthesvghmrghilhdurdhthhgvnhgvgihtfigvsgdrtghomhdprhgtphhtthhopegthhgrmhhprghgnhgvthhhrhhithgvvghnsegtohhmtggrshhtrdhnvghtnecuvehluhhsthgvrhfuihiivgepuddu
X-Xfinity-VMeta: sc=300;st=spam
X-Xfinity-Message-Heuristics: IPv6:Y;TLS=0;SPF=0;DMARC=F
X-Comcast-SMTP-Spoor:  http://clickfor.net
Authentication-Results: resimta-ch2-31v.sys.comcast.net;
 dkim=fail (signature verification failed) header.d=thenextweb.com
 header.i=newsletter@thenextweb.com header.b=WXZO9Wip
Return-Path: <bounce-mc.us1_62557.27625-champagnethriteen=comcast.net@email1.thenextweb.com>
Delivered-To: <myaccount>@comcast.net
Received: from dovdir1-hoc-02o.email.comcast.net ([69.252.207.53])
 by dovback1-hoc-02o.email.comcast.net with LMTP id GEoWD4oBNlw0AwAA/o8vPQ
 for <champagnethriteen@comcast.net>; Wed, 09 Jan 2019 14:13:30 +0000
Received: from dovpxy-ch2h-06o.email.comcast.net ([69.252.207.53])
 by dovdir1-hoc-02o.email.comcast.net with LMTP id +JToB4oBNlzOXQAANZqong
 ; Wed, 09 Jan 2019 14:13:30 +0000
Received: from resimta-ch2-34v.sys.comcast.net ([69.252.207.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by dovpxy-ch2h-06o.email.comcast.net with LMTP id UBYMKYkBNlwUTQAANiH8ww
 ; Wed, 09 Jan 2019 14:13:29 +0000
Received: from email1.thenextweb.com ([205.201.129.53])
 by resimta-ch2-34v.sys.comcast.net with ESMTP
 id hEb1ge7IsY3ZdhEbcgZZJx; Wed, 09 Jan 2019 14:13:20 +0000
Authentication-Results: resimta-ch2-34v.sys.comcast.net;
 dkim=pass header.d=thenextweb.com header.i=newsletter@thenextweb.com
 header.b=WXZO9Wip
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=k1; d=thenextweb.com;
 h=Subject:From:Reply-To:Toate:Message-ID:List-ID:List-Unsubscribe:
 Content-Type:MIME-Version; i=newsletter@thenextweb.com;
 bh=H6wfXs2opCtWhud0krdTDjxBvlxdYlEYIFzojpfwGYI=;
 b=WXZO9WipujRMtf2hJndF/dBvSDcGUofMfb06F/T9KKMmc54qeF17VjXf+TW7A4YsMsOqwmSET9om
   AARxLcx+ym19isL/bWjUjfBbFEw+EhFj2hboLQibTlJeTYSwuBqhhw9Gcg8Hpj55fWdmeSMq6QkU
   HMuUDzgFmdmlSt3sf4A=
Received: from (127.0.0.1) by email1.thenextweb.com id h6o0o02ddl44 for <champagnethriteen@comcast.net>; Wed, 9 Jan 2019 14:12:36 +0000 (envelope-from <bounce-mc.us1_62557.27625-champagnethriteen=comcast.net@email1.thenextweb.com>)
Subject: CBD Gummys Now Legal in All 50 States
From: Yummy Gummys <<myaccount>@comcast.net>
Reply-To:  <us1-936bd1683a-a4af22e45f@3nj5.plansew.com>
To: <<myaccount>@comcast.net>
Date: Thu, 10 Jan 2019 00:38:25 -0500
Message-ID: <22ec88eb9b9d8bc3bcf660787.d8ae7db7d8.20190109141152.4ddbe10df4.8f3f39f0@email1.thenextweb.com>
X-Mailer: MailChimp Mailer - *CID4ddbe10df4d8ae7db7d8*
X-Campaign: mailchimp22ec88eb9b9d8bc3bcf660787.4ddbe10df4
X-campaignid: mailchimp22ec88eb9b9d8bc3bcf660787.4ddbe10df4
X-Report-Abuse: Please report abuse for this campaign here: https://mailchimp.com/contact/abuse/?u=22ec88eb9b9d8bc3bcf660787&id=4ddbe10df4&e=d8ae7db7d8
X-MC-User: 22ec88eb9b9d8bc3bcf660787
Feedback-ID: 62557:62557.27625:us1:mc
List-ID: 22ec88eb9b9d8bc3bcf660787mc list <22ec88eb9b9d8bc3bcf660787.3.list-id.mcsv.net>
Precedence: bulk
X-Auto-Response-Suppress: OOF, AutoReply
X-Accounttype: pr
List-Unsubscribe: <https://thenextweb.us1.list-manage.com/unsubscribe?u=22ec88eb9b9d8bc3bcf660787&id=32f70ba9aa&e=d8ae7...>, <mailto:unsubscribe-mc.us1_22ec88eb9b9d8bc3bcf660787.4ddbe10df4-d8ae7db7d8@mailin.mcsv.net?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Content-Type: text/html;
MIME-Version: 1.0

<center><a href="https://storage.googleapis.com/fhdfgjdfhd/redirect.html">
Click Here<br><imG src="https://storage.googleapis.com/fhdfgjdfhd/VoXb4%5B1%5D.png">
<br>
<a href="https://storage.googleapis.com/fhdfgjdfhd/unsb.html">
<imG src="https://storage.googleapis.com/fhdfgjdfhd/wY799%5B1%5D.png">
<br>
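
The header check described in the post, as an added example that is not part of the original post and is not Comcast's or Outlook's filtering logic. It goes beyond the single hostname match by also flagging three things visible in the pasted source: a second set of Return-Path/Delivered-To headers, a failing DKIM result on the newest hop, and a From address equal to the recipient. The function name `analyze`, the `local_suffix` parameter, the finding labels and the trimmed sample with its `user@example.net` mailbox are assumptions made for the illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: trimmed headers modelled on the pasted message, placeholder mailbox.
SAMPLE = """\
Return-Path: <>
Delivered-To: user@example.net
Received: from resimta-ch2-31v.sys.comcast.net ([69.252.207.50])
 by dovpxy-asb-05o.email.comcast.net with LMTP; Thu, 10 Jan 2019 05:44:55 +0000
Received: from nj2mta-120.sailthru.com ([IPv6:2a0d:1dc3:5600:3856:3676:5862:2839:3427])
 by resimta-ch2-31v.sys.comcast.net with ESMTP; Thu, 10 Jan 2019 05:44:54 +0000
Authentication-Results: resimta-ch2-31v.sys.comcast.net;
 dkim=fail (signature verification failed) header.d=thenextweb.com
Return-Path: <bounce@email1.thenextweb.com>
Delivered-To: user@example.net
Received: from email1.thenextweb.com ([205.201.129.53])
 by resimta-ch2-34v.sys.comcast.net with ESMTP; Wed, 09 Jan 2019 14:13:20 +0000
Authentication-Results: resimta-ch2-34v.sys.comcast.net;
 dkim=pass header.d=thenextweb.com
From: Yummy Gummys <user@example.net>

"""

def analyze(raw, local_suffix=".comcast.net", blocked=("nj2mta-120.sailthru.com",)):
    """Return (handoff_host, findings) for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    findings, handoff = [], None
    # Received is newest first; the first "from" host outside the provider handed the mail in.
    for hop in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", hop)
        if m and not m.group(1).lower().endswith(local_suffix):
            handoff = m.group(1).lower()
            break
    if handoff in blocked:
        findings.append("blocked-relay")
    # A second Return-Path or Delivered-To means an older delivery's headers came along.
    if len(msg.get_all("Return-Path", [])) > 1 or len(msg.get_all("Delivered-To", [])) > 1:
        findings.append("duplicate-trace-headers")
    # The newest Authentication-Results is the receiving hop's; older ones arrived with the mail.
    dkim = [re.search(r"dkim=(\w+)", v).group(1)
            for v in msg.get_all("Authentication-Results", []) if "dkim=" in v]
    if dkim and dkim[0] != "pass":
        findings.append("dkim-" + dkim[0])
    rcpt = parseaddr(msg.get("Delivered-To", ""))[1]
    if rcpt and rcpt == parseaddr(msg.get("From", ""))[1]:
        findings.append("from-equals-recipient")
    return handoff, findings
```

Calling `analyze(SAMPLE)` returns the handoff host and the list of findings; a mail rule can act on any one of them instead of on a single relay name.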