
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">On 5/23/19 4:16 PM, Matt Harris wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:CAHdm834LwGj7yLtC3-yTQMJkYct9ce7m2fvjZL54s+O7utW6WA@mail.gmail.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <div dir="ltr">

        <div dir="ltr">On Thu, May 23, 2019 at 4:13 PM Hansen,

          Christoffer <<a href="mailto:christoffer@netravnen.de"

            moz-do-not-send="true">christoffer@netravnen.de</a>>

          wrote:<br>

        </div>

        <div class="gmail_quote">

          <blockquote class="gmail_quote" style="margin:0px 0px 0px

            0.8ex;border-left:1px solid

            rgb(204,204,204);padding-left:1ex">Appreciate the warning!<br>

            <br>

            On 23/05/2019 19:46, Valerie Wittkop wrote:<br>

            > These messages are not flowing through NANOG servers,

            nor using the NANOG domain. They are not messages coming

            from the NANOG organization. Please be aware if you receive

            a message matching this description and always make sure to

            scan attachments for a virus.<br>

            <br>

            The one I received looked like this:<br>

            <br>

            > From: "NANOG" <<a href="mailto:service@cegips.pl"

              target="_blank" moz-do-not-send="true">service@cegips.pl</a>><br>

            <br>

            ...<br>

            <br>

            Has it been considered switching to "-all", instead of only

            "~all" in<br>

            the spf record?<br>

            <br>

            > $ dig +short +nocmd +nocomments TXT <a

              href="http://nanog.org" rel="noreferrer" target="_blank"

              moz-do-not-send="true">nanog.org</a><br>

            > "v=spf1 include:_<a href="http://spf.google.com"

              rel="noreferrer" target="_blank" moz-do-not-send="true">spf.google.com</a>

            ip4:104.20.199.50 ip4:104.20.198.50  ip4:50.31.151.75

            ip4:50.31.151.76 ip6:2001:1838:2001:8::19

            ip6:2001:1838:2001:8::20 ip6:2400:cb00:2048:1::6814:c632

            ip6:2400:cb00:2048:1::6814:c732 ~all"<br>

            <br>

                    -Christoffer<br>

          </blockquote>

        </div>

        <div><br>

        </div>

        <div>The SPF record wouldn't make a difference since that email

          was sent from @<a href="http://cegips.pl"

            moz-do-not-send="true">cegips.pl</a>, not from @<a

            href="http://nanog.org" moz-do-not-send="true">nanog.org</a>. 

          You'd have to change the SPF record for the <a

            href="http://cegips.pl" moz-do-not-send="true">cegips.pl</a>

          domain to impact their ability to send from that address.  <br>

        </div>

        <div><br>

        </div>

      </div>

    </blockquote>

    <p><font size="+1">The one I received was from <u>rainphil.com</u>

        and came with an ugly Trojan attached as a PDF. <br>

      </font></p>

    <p><font size="+1">Has anyone else received this type or am I just

        fortunate?</font></p>

    <p><font size="+1">Richard Golodner<br>

      </font></p>

    <p><font size="+1"><br>

      </font></p>

    <p><font size="+1"></font><br>

    </p>

  </body>

</html>