<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 5/23/19 4:16 PM, Matt Harris wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAHdm834LwGj7yLtC3-yTQMJkYct9ce7m2fvjZL54s+O7utW6WA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">On Thu, May 23, 2019 at 4:13 PM Hansen,
Christoffer <<a href="mailto:christoffer@netravnen.de"
moz-do-not-send="true">christoffer@netravnen.de</a>>
wrote:<br>
</div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Appreciate the warning!<br>
<br>
On 23/05/2019 19:46, Valerie Wittkop wrote:<br>
> These messages are not flowing through NANOG servers,
nor using the NANOG domain. They are not messages coming
from the NANOG organization. Please be aware if you receive
a message matching this description and always make sure to
scan attachments for a virus.<br>
<br>
The one I received looked like this:<br>
<br>
> From: "NANOG" <<a href="mailto:service@cegips.pl"
target="_blank" moz-do-not-send="true">service@cegips.pl</a>><br>
<br>
...<br>
<br>
Has it been considered switching to "-all", instead of only
"~all" in<br>
the spf record?<br>
<br>
> $ dig +short +nocmd +nocomments TXT <a
href="http://nanog.org" rel="noreferrer" target="_blank"
moz-do-not-send="true">nanog.org</a><br>
> "v=spf1 include:_<a href="http://spf.google.com"
rel="noreferrer" target="_blank" moz-do-not-send="true">spf.google.com</a>
ip4:104.20.199.50 ip4:104.20.198.50 ip4:50.31.151.75
ip4:50.31.151.76 ip6:2001:1838:2001:8::19
ip6:2001:1838:2001:8::20 ip6:2400:cb00:2048:1::6814:c632
ip6:2400:cb00:2048:1::6814:c732 ~all"<br>
<br>
-Christoffer<br>
</blockquote>
</div>
<div><br>
</div>
<div>The SPF record wouldn't make a difference since that email
was sent from @<a href="http://cegips.pl"
moz-do-not-send="true">cegips.pl</a>, not from @<a
href="http://nanog.org" moz-do-not-send="true">nanog.org</a>.
You'd have to change the SPF record for the <a
href="http://cegips.pl" moz-do-not-send="true">cegips.pl</a>
domain to impact their ability to send from that address. <br>
</div>
<div><br>
</div>
</div>
</blockquote>
<p><font size="+1">The one I received was from <u>rainphil.com</u>
and came with an ugly Trojan attached as a PDF. <br>
</font></p>
<p><font size="+1">Has anyone else received this type or am I just
fortunate?</font></p>
<p><font size="+1">Richard Golodner<br>
</font></p>
<p><font size="+1"><br>
</font></p>
<p><font size="+1"></font><br>
</p>
</body>
</html>