That the server only sent e-mail but did not receive it isn't exculpatory by itself. Most receivers will do a reverse DNS query (PTR); some will even do queries by walking the Received: header chain as part of anti-spam measures. And if the server was indeed sending e-mail (or similar activity) through a relay, that makes the peculiar Alfa and DeVos activity even more suspect.
Anyone know what kind of person might be able to look at DNS traffic logs as described in the article? (Outside of a government with or without legal authority to do so.)
2 comments
[ 1.8 ms ] story [ 15.7 ms ] thread