AW: Uptick in spam
Octavio Alvarez
octalnanog at alvarezp.org
Wed Oct 28 07:44:04 UTC 2015
On 10/27/2015 05:09 AM, Ian Smith wrote:
> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
> <octalnanog at alvarezp.org <mailto:octalnanog at alvarezp.org>> wrote:
>
> On 26/10/15 11:38, Jürgen Jaritsch wrote:
> <snip>
>
> But it is originating all from different IP addresses. Who knows if this
> is an attack to get *@jdlabs.fr <http://jdlabs.fr/> blocked from
> NANOG and is just getting
> its goal accomplished.
>
>
>
> This is the part that's been bugging me. Doesn't the NANOG server
> implement SPF checking on inbound list mail? jdlabs.fr
> <http://jdlabs.fr> doesn't appear to have an SPF record published. It
> seems to me that these messages should have been dropped during the
> connection.
That doesn't stop spam from hijacked accounts.
For this case, an account was compromised, apparently. What if after 6
messages in the last 5 minutes with the same or absent 'In-Reply-To'
moves the account to moderation mode.
Easier said than implemented, though.
More information about the NANOG
mailing list