AW: Uptick in spam
Jim Popovitch
jimpop at gmail.com
Wed Oct 28 19:28:08 UTC 2015
On Wed, Oct 28, 2015 at 3:44 AM, Octavio Alvarez
<octalnanog at alvarezp.org> wrote:
>
>
> On 10/27/2015 05:09 AM, Ian Smith wrote:
>>
>> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
>> <octalnanog at alvarezp.org <mailto:octalnanog at alvarezp.org>> wrote:
>>
>> On 26/10/15 11:38, Jürgen Jaritsch wrote:
>> <snip>
>>
>> But it is originating all from different IP addresses. Who knows if
>> this
>> is an attack to get *@jdlabs.fr <http://jdlabs.fr/> blocked from
>> NANOG and is just getting
>> its goal accomplished.
>>
>>
>>
>> This is the part that's been bugging me. Doesn't the NANOG server
>> implement SPF checking on inbound list mail? jdlabs.fr
>> <http://jdlabs.fr> doesn't appear to have an SPF record published. It
>> seems to me that these messages should have been dropped during the
>> connection.
>
>
> That doesn't stop spam from hijacked accounts.
>
> For this case, an account was compromised, apparently.
There was no account compromise, it was only oddball webservers that
were compromised and then used in a spam run where the From was set to
a nanog subscriber's email address.
> What if after 6 messages in the last 5 minutes with the same or absent
> 'In-Reply-To' moves he account to moderation mode.
>
> Easier said than implemented, though.
>
This is already under consideration, by me, for a mailman patch.
It's a good idea that has been around for a while and is well worth
having as an option.
-Jim P.
More information about the NANOG
mailing list