AW: Uptick in spam

• Previous message (by thread): AW: Uptick in spam
• Next message (by thread): Uptick in spam
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 28, 2015 at 3:44 AM, Octavio Alvarez
<octalnanog at alvarezp.org> wrote:
>
>
> On 10/27/2015 05:09 AM, Ian Smith wrote:
>>
>> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
>> <octalnanog at alvarezp.org <mailto:octalnanog at alvarezp.org>> wrote:
>>
>>     On 26/10/15 11:38, Jürgen Jaritsch wrote:
>>     <snip>
>>
>>     But it is originating all from different IP addresses. Who knows if
>> this
>>     is an attack to get *@jdlabs.fr <http://jdlabs.fr/> blocked from
>>     NANOG and is just getting
>>     its goal accomplished.
>>
>>
>>
>> This is the part that's been bugging me.  Doesn't the NANOG server
>> implement SPF checking on inbound list mail? jdlabs.fr
>> <http://jdlabs.fr> doesn't appear to have an SPF record published.  It
>> seems to me that these messages should have been dropped during the
>> connection.
>
>
> That doesn't stop spam from hijacked accounts.
>
> For this case, an account was compromised, apparently.

There was no account compromise, it was only oddball webservers that
were compromised and then used in a spam run where the From was set to
a nanog subscriber's email address.

> What if after 6 messages in the last 5 minutes with the same or absent
> 'In-Reply-To' moves he account to moderation mode.
>
> Easier said than implemented, though.
>

This is already under consideration, by me, for a mailman patch.
It's a good idea that has been around for a while and is well worth
having as an option.

-Jim P.

• Previous message (by thread): AW: Uptick in spam
• Next message (by thread): Uptick in spam
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]