Shame on you, stupid spammers.. Sh4meful  DMARC Spoof Detection

DMARC Spoof Detection, Failed Authentications

Sh4meful tracks IP addresses caught sending unauthorized email, detected through DMARC report analysis across millions of authentication records.

Every entry here is an IP address that failed both SPF and DKIM authentication checks for domains I monitor. In most cases, that means someone (or something) used the domain name without permission; a signature pattern of email spoofing, phishing, spam, and other abusive mail activity.

The dataset is drawn from DMARC aggregate reports and represents a fraction of a larger corpus spanning millions of messages. Each record shows what failed and where: the source IP, its network, its geography, and limited metadata from the authentication event. Determining intent, whether a failure is hostile or incidental, requires context beyond what DMARC provides, but the patterns speak clearly enough at volume.

Not every failure is malicious. Some legitimate services (email security gateways, spam filters, phishing analysis platforms) break authentication as a side effect of message inspection or forwarding. I track these confounders separately and hide them by default, though they remain available for review. Much of that traffic is benign infrastructure noise. Some isn't.

Elements of this dataset and supporting models will eventually be open-sourced on GitHub. (More)

Failures Detected

8,902

Unique IPs

2,973

Unique Networks

1,168

Failed Messages

14,902

DMARC Activity

Most Active Networks by Spoof Volume (30 days)

Top networks by failed message volume over the last 30 days.

OMEGATECH

21 spoofing attempts
3 unique source IPs

LT-HOSTBALTIC-10

18 spoofing attempts
1 unique source IP

UZTELECOM

18 spoofing attempts
14 unique source IPs

KAPPA-IN

16 spoofing attempts
6 unique source IPs

Cogetel

15 spoofing attempts
9 unique source IPs

CMNET

13 spoofing attempts
7 unique source IPs

CHINANET-NM

13 spoofing attempts
5 unique source IPs

T-FGU.EDU.TW-NET

11 spoofing attempts
2 unique source IPs

OUL-16

11 spoofing attempts
3 unique source IPs

FRTR-LEGACY-FTR13

9 spoofing attempts
1 unique source IP

GPON_FTTH_SERVICES

8 spoofing attempts
6 unique source IPs

GOOGLE-CLOUD

8 spoofing attempts
6 unique source IPs

Telmex Colombia S.A.

8 spoofing attempts
2 unique source IPs

GOOGL-2

8 spoofing attempts
8 unique source IPs

DATALIX

7 spoofing attempts
2 unique source IPs

Most Active IPs by Spoof Volume (30 days)

Top IP addresses by failed message volume over the last 30 days.

IP Intelligence Report for 141.98.10.86

Lithuania
18 failed messages
Last seen: 7/10/2026

IP Intelligence Report for 91.92.241.38

The Netherlands
14 failed messages
Last seen: 7/9/2026

IP Intelligence Report for 50.127.181.82

United States
9 failed messages
Last seen: 7/9/2026

IP Intelligence Report for 176.100.36.170

Germany
6 failed messages
Last seen: 6/23/2026

IP Intelligence Report for 15.204.234.4

United States
6 failed messages
Last seen: 7/7/2026

IP Intelligence Report for 120.101.61.23

Taiwan
6 failed messages
Last seen: 7/1/2026

IP Intelligence Report for 178.16.53.39

The Netherlands
6 failed messages
Last seen: 7/3/2026

IP Intelligence Report for 170.80.23.57

Guatemala
5 failed messages
Last seen: 6/29/2026

IP Intelligence Report for 103.93.177.74

India
5 failed messages
Last seen: 6/28/2026

IP Intelligence Report for 193.253.101.87

Réunion
5 failed messages
Last seen: 7/11/2026

IP Intelligence Report for 120.101.61.7

Taiwan
5 failed messages
Last seen: 7/2/2026

IP Intelligence Report for 185.213.116.2

United Kingdom
5 failed messages
Last seen: 7/10/2026

IP Intelligence Report for 123.253.93.94

Pakistan
4 failed messages
Last seen: 6/22/2026

IP Intelligence Report for 41.220.227.170

Kenya
4 failed messages
Last seen: 6/23/2026

IP Intelligence Report for 199.193.205.208

United States
4 failed messages
Last seen: 6/23/2026

IP Intelligence Report for 203.211.75.89

New Zealand
4 failed messages
Last seen: 7/16/2026

IP Intelligence Report for 200.142.101.197

Brazil
4 failed messages
Last seen: 6/20/2026

IP Intelligence Report for 4.16.147.249

United States
4 failed messages
Last seen: 6/24/2026

IP Intelligence Report for 186.62.119.215

Argentina
4 failed messages
Last seen: 7/16/2026

IP Intelligence Report for 154.255.68.145

Algeria
4 failed messages
Last seen: 6/22/2026