AW: Uptick in spam

Octavio Alvarez octalnanog at
Wed Oct 28 07:44:04 UTC 2015

On 10/27/2015 05:09 AM, Ian Smith wrote:
> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
> <octalnanog at <mailto:octalnanog at>> wrote:
>     On 26/10/15 11:38, Jürgen Jaritsch wrote:
>     <snip>
>     But it is originating all from different IP addresses. Who knows if this
>     is an attack to get * <> blocked from
>     NANOG and is just getting
>     its goal accomplished.
> This is the part that's been bugging me.  Doesn't the NANOG server
> implement SPF checking on inbound list mail?
> <> doesn't appear to have an SPF record published.  It
> seems to me that these messages should have been dropped during the
> connection.

That doesn't stop spam from hijacked accounts.

For this case, an account was compromised, apparently. What if after 6 
messages in the last 5 minutes with the same or absent 'In-Reply-To' 
moves the account to moderation mode.

Easier said than implemented, though.

More information about the NANOG mailing list