We received an email today that provided some interesting information from a reader (Bjorn) about some observed SMTP traffic that was unusal. From the appearance it could be related to exfil or C2. The domain in question is donotspamtoday.com whose IP is 126.96.36.199 and there is an DNS TXT entry for SPF. The domain was registered March 20, 2018. I have been unable to find any additional examples or information of similar traffic.