Spamming of NANOG list members

Matt Harris matt at netfire.net
Thu May 23 21:16:07 UTC 2019


On Thu, May 23, 2019 at 4:13 PM Hansen, Christoffer <
christoffer at netravnen.de> wrote:

> Appreciate the warning!
>
> On 23/05/2019 19:46, Valerie Wittkop wrote:
> > These messages are not flowing through NANOG servers, nor using the
> NANOG domain. They are not messages coming from the NANOG organization.
> Please be aware if you receive a message matching this description and
> always make sure to scan attachments for a virus.
>
> The one I received looked like this:
>
> > From: "NANOG" <service at cegips.pl>
>
> ...
>
> Has it been considered switching to "-all", instead of only "~all" in
> the spf record?
>
> > $ dig +short +nocmd +nocomments TXT nanog.org
> > "v=spf1 include:_spf.google.com ip4:104.20.199.50 ip4:104.20.198.50
> ip4:50.31.151.75 ip4:50.31.151.76 ip6:2001:1838:2001:8::19
> ip6:2001:1838:2001:8::20 ip6:2400:cb00:2048:1::6814:c632
> ip6:2400:cb00:2048:1::6814:c732 ~all"
>
>         -Christoffer
>

The SPF record wouldn't make a difference since that email was sent from @
cegips.pl, not from @nanog.org.  You'd have to change the SPF record for
the cegips.pl domain to impact their ability to send from that address.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190523/f3ed1648/attachment.html>


More information about the NANOG mailing list