AW: Uptick in spam

Octavio Alvarez octalnanog at alvarezp.org
Wed Oct 28 07:44:04 UTC 2015


On 10/27/2015 05:09 AM, Ian Smith wrote:
> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
> <octalnanog at alvarezp.org <mailto:octalnanog at alvarezp.org>> wrote:
>
>     On 26/10/15 11:38, Jürgen Jaritsch wrote:
>     <snip>
>
>     But it is originating all from different IP addresses. Who knows if this
>     is an attack to get *@jdlabs.fr <http://jdlabs.fr/> blocked from
>     NANOG and is just getting
>     its goal accomplished.
>
>
>
> This is the part that's been bugging me.  Doesn't the NANOG server
> implement SPF checking on inbound list mail? jdlabs.fr
> <http://jdlabs.fr> doesn't appear to have an SPF record published.  It
> seems to me that these messages should have been dropped during the
> connection.

That doesn't stop spam from hijacked accounts.

For this case, an account was compromised, apparently. What if after 6 
messages in the last 5 minutes with the same or absent 'In-Reply-To' 
moves the account to moderation mode.

Easier said than implemented, though.




More information about the NANOG mailing list