Spamming of NANOG list members
Sandra Murphy
sandy at tislabs.com
Thu May 23 22:27:46 UTC 2019
Mine came 21 May. It was a .doc.
Sent from charter.net, with the user portion of the sender very similar to a nanog contributor.
And it arrived oddly coincident with my visit to the cvent registration page. Any others who had that coincidence?
—Sandy
> On May 23, 2019, at 5:39 PM, Richard <rgolodner at infratection.com> wrote:
>
> On 5/23/19 4:16 PM, Matt Harris wrote:
>> On Thu, May 23, 2019 at 4:13 PM Hansen, Christoffer <christoffer at netravnen.de> wrote:
>> Appreciate the warning!
>>
>> On 23/05/2019 19:46, Valerie Wittkop wrote:
>> > These messages are not flowing through NANOG servers, nor using the NANOG domain. They are not messages coming from the NANOG organization. Please be aware if you receive a message matching this description and always make sure to scan attachments for a virus.
>>
>> The one I received looked like this:
>>
>> > From: "NANOG" <service at cegips.pl>
>>
>> ...
>>
>> Has it been considered switching to "-all", instead of only "~all" in
>> the spf record?
>>
>> > $ dig +short +nocmd +nocomments TXT nanog.org
>> > "v=spf1 include:_spf.google.com ip4:104.20.199.50 ip4:104.20.198.50 ip4:50.31.151.75 ip4:50.31.151.76 ip6:2001:1838:2001:8::19 ip6:2001:1838:2001:8::20 ip6:2400:cb00:2048:1::6814:c632 ip6:2400:cb00:2048:1::6814:c732 ~all"
>>
>> -Christoffer
>>
>> The SPF record wouldn't make a difference since that email was sent from @cegips.pl, not from @nanog.org. You'd have to change the SPF record for the cegips.pl domain to impact their ability to send from that address.
>>
> The one I received was from rainphil.com and came with an ugly Trojan attached as a PDF.
>
> Has anyone else received this type or am I just fortunate?
>
> Richard Golodner
>
>
>
>
More information about the NANOG
mailing list