They use hacked servers/accounts to send spam.
See: https://www.google.com/search?q=%22epostego.com%22
udmiztore@epostego.com
zoloudmila@epostego.com
;; QUESTION SECTION:
;epostego.com. IN MX
;; ANSWER SECTION:
epostego.com. 21599 IN MX 10 aspmx2.googlemail.com.
epostego.com. 21599 IN MX 5 alt1.aspmx.l.google.com.
epostego.com. 21599 IN MX 1 aspmx.l.google.com. 74.125.137.26
epostego.com. 21599 IN MX 5 alt2.aspmx.l.google.com.
epostego.com. 21599 IN MX 10 aspmx3.googlemail.com.
_______
One sample:
Received: from mcegress-30-lw-149.correio.biz (mcegress-30-lw-149.correio.biz [191.252.30.149])
by xxx; Sun, 11 Oct 2020 08:22:11 -0400 (EDT)
X-Sender-Id: x-authuser|leobousquet2@globo.com
Received: from jimmy0001.correio.biz (unknown [10.30.225.41])
by mcrelay.correio.biz (Postfix) with ESMTP id xx;
Sun, 11 Oct 2020 09:22:08 -0300 (-03)
X-Sender-Id: x-authuser|leobousquet2@globo.com
Received: from jimmy0001.correio.biz (relay-179-188-30-4.globo.com
[10.30.224.225])
by 0.0.0.0:2500 (trex/5.9.14);
Sun, 11 Oct 2020 09:22:08 -0300
X-LW-Relay: Bad
X-LW-SenderId: x-authuser|leobousquet2@globo.com
Received: from jimmy0001.correio.biz (localhost [127.0.0.1])
by jimmy0001.correio.biz (Postfix) with ESMTP id xx;
Sun, 11 Oct 2020 09:22:08 -0300 (-03)
Received: from kim0010.globo.correio.biz (kim0010.globo.correio.biz [179.188.28.10])
by jimmy0001.correio.biz (Postfix) with ESMTP id xx;
Sun, 11 Oct 2020 09:22:07 -0300 (-03)
x-globo-id: xx
X-AuthUser: leobousquet2@globo.com
Received: from E-OmniNet (unknown [69.139.90.144])
(Authenticated sender: leobousquet2@globo.com)
by kim0010.globo.correio.biz (Postfix) with ESMTPA id xx;
Sun, 11 Oct 2020 09:22:55 -0300 (-03)
Message-ID: <xx@globo.com>
Reply-To: «Luda» <udmiztore@epostego.com>
From: «Luda» <leobousquet2@globo.com>
Date: Sun, 11 Oct 2020 16:22:22 +0400
Organization: udmiztore@epostego.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=»xx»
X-Outbound-RspamD: yes
X-MC: yes
Subject: ntworte mir, ich warte auf deine Briefe, ich vermisse dich wirklich.