AW: Uptick in spam

Jim Popovitch jimpop at
Wed Oct 28 19:28:08 UTC 2015

On Wed, Oct 28, 2015 at 3:44 AM, Octavio Alvarez
<octalnanog at> wrote:
> On 10/27/2015 05:09 AM, Ian Smith wrote:
>> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
>> <octalnanog at> wrote:
>>     On 26/10/15 11:38, Jürgen Jaritsch wrote:
>>     <snip>
>>     But it is originating all from different IP addresses. Who knows if
>>     this is an attack to get * <> blocked from NANOG and is just getting
>>     its goal accomplished.
>> This is the part that's been bugging me.  Doesn't the NANOG server
>> implement SPF checking on inbound list mail?
>> <> doesn't appear to have an SPF record published.  It
>> seems to me that these messages should have been dropped during the
>> connection.
> That doesn't stop spam from hijacked accounts.
> For this case, an account was compromised, apparently.

There was no account compromise, it was only oddball webservers that
were compromised and then used in a spam run where the From was set to
a nanog subscriber's email address.

> What if after 6 messages in the last 5 minutes with the same or absent
> 'In-Reply-To' moves the account to moderation mode.
> Easier said than implemented, though.

This is already under consideration, by me, for a mailman patch.
It's a good idea that has been around for a while and is well worth
having as an option.

-Jim P.
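
The check proposed in the quoted text (6 messages in the last 5 minutes with the same or absent In-Reply-To moves the account to moderation), as an added Python example; it is not part of the original message, not Mailman code, and not the patch mentioned above. `BurstModerator`, `make_message`, `demo` and the example.org addresses are hypothetical and constructed, and holding the sixth message itself is an assumption.

```python
from collections import defaultdict, deque
from email import message_from_string
from email.utils import parseaddr

WINDOW_SECONDS = 5 * 60   # "the last 5 minutes"
THRESHOLD = 6             # "6 messages"

class BurstModerator:
    """Hypothetical helper (not a Mailman API): per-sender burst detection."""

    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        # (sender, In-Reply-To or None) -> arrival times inside the window
        self.recent = defaultdict(deque)
        self.moderated = set()

    def check(self, raw_message, now):
        """Return 'hold' if the sender is or becomes moderated, else 'accept'."""
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if sender in self.moderated:
            return "hold"
        # An absent In-Reply-To is its own bucket (None), so a run of new
        # threads counts together, as does a run of replies to one message.
        thread = (msg.get("In-Reply-To") or "").strip() or None
        times = self.recent[(sender, thread)]
        while times and now - times[0] > self.window:
            times.popleft()          # drop arrivals older than the window
        times.append(now)
        if len(times) >= self.threshold:
            self.moderated.add(sender)   # stays moderated until a human clears it
            return "hold"
        return "accept"

def make_message(sender, subject, in_reply_to=None):
    """Build a constructed sample message (headers only matter here)."""
    headers = [f"From: {sender}", f"Subject: {subject}"]
    if in_reply_to:
        headers.append(f"In-Reply-To: {in_reply_to}")
    return "\n".join(headers) + "\n\nbody\n"

def demo():
    mod = BurstModerator()
    # Constructed burst: 7 new-thread posts, 10 seconds apart, same From.
    burst = [mod.check(make_message("Sub <subscriber@example.org>", f"s{i}"), i * 10) for i in range(7)]
    # Constructed normal traffic: replies to one message, 2 minutes apart.
    slow = [mod.check(make_message("other@example.org", "re", "<t1@example.org>"), i * 120) for i in range(7)]
    return burst, slow
```

The key is the header From address, so in a run like the one described above, where the From was set to a subscriber's address, it is that subscriber's posting that lands in moderation.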
