in the last few years i'm observing some recurring pattern on my mail-server system (SMTP):
every now & then, it gets "flooded" by lots and lots of invalid delivery-attempts for at least multiple days up to multiple weeks at a time with the following characteristics:
# low number of delivery-attempts - only one about every 10 seconds
# with a lot of recipients for each single delivery - hitting the max recipient limit of the system
# originating from random ipv4-addresses
# the delivery uses random but "valid"-looking source-addresses
# targeting valid domains on the mail-system itself
# but using random / invalid (!) recipient-addresses - e.g. the "local" part
don't get me wrong, i'm not looking for "technical advice", i'm more than capable of handling such let's call it "minor annoyances" all by myself.
but i ask myself the following questions for several years now:
what is the "rationale" behind this!?
what's the "object" for people doing this!?
e.g. what's the "gain" or the "business-proposal" in doing this!?
any ideas!?
cheers!! :))
ps. sure ... the first idea would be: DDoS, but the frequency of the delivery-attempts is not even close to achieving anything like that ... even if my server-system were based on some older Raspberry Pis it wouldn't have much impact ;))
If the addresses in the probe fit certain patterns, the mail server can have rules to look for those and black hole the host.
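A sketch of the kind of rule the reply above mentions, as an added example that is not part of either post: it flags client hosts whose delivery reaches the recipient limit while nearly all recipients are nonexistent local parts, which is the pattern listed in the question. The event format, mailbox list, limit and threshold are all assumptions made up for the illustration.

```python
from collections import defaultdict

MAX_RCPT = 5         # assumed per-message recipient limit (real servers allow more)
UNKNOWN_RATIO = 0.8  # assumed threshold: share of recipients that do not exist

# Constructed list of mailboxes that really exist on the system.
VALID_MAILBOXES = {
    "alice@example.org", "bob@example.org", "carol@example.org",
    "dave@example.org", "erin@example.org",
}

# Constructed sample events: (client_ip, session_id, recipient), one per RCPT TO.
SAMPLE_EVENTS = (
    # Session hitting the limit with only random local parts.
    [("203.0.113.7", "s1", f"{lp}@example.org")
     for lp in ("qzxv81", "mkt0p2", "jr77ab", "wwe3nn", "x9ldfa")]
    # Ordinary mail to one valid recipient plus one typo.
    + [("198.51.100.20", "s2", "alice@example.org"),
       ("198.51.100.20", "s2", "allice@example.org")]
    # Legitimate mailing to many recipients, one of them mistyped.
    + [("192.0.2.44", "s3", r) for r in
       ("alice@example.org", "bob@example.org", "carol@example.org",
        "dave@example.org", "erinn@example.org")]
    # Probe that happens to hit one real mailbox.
    + [("203.0.113.99", "s4", r) for r in
       ("bob@example.org", "a1b2c3@example.org", "zz91kq@example.org",
        "pq0r5t@example.org", "lm44xy@example.org")]
)


def hosts_to_blackhole(events, valid=VALID_MAILBOXES,
                       max_rcpt=MAX_RCPT, ratio=UNKNOWN_RATIO):
    """Return {client_ip: unknown_recipient_count} for sessions matching the pattern."""
    sessions = defaultdict(list)
    for ip, session_id, rcpt in events:
        sessions[(ip, session_id)].append(rcpt.lower())

    flagged = {}
    for (ip, _sid), rcpts in sessions.items():
        unknown = sum(1 for r in rcpts if r not in valid)
        # Both conditions must hold: the session reached the recipient limit
        # AND almost none of the recipients exist. A single typo in a
        # legitimate mailing therefore does not trigger the rule.
        if len(rcpts) >= max_rcpt and unknown / len(rcpts) >= ratio:
            flagged[ip] = max(flagged.get(ip, 0), unknown)
    return flagged


if __name__ == "__main__":
    for ip, count in sorted(hosts_to_blackhole(SAMPLE_EVENTS).items()):
        print(f"blackhole {ip}: {count} unknown recipients in one delivery")
```

Because the question notes that the source addresses are random IPv4 hosts, a per-host block like this mainly cuts repeat traffic from the same host rather than the campaign as a whole.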