nanog mailing list archives

Re: AW: Uptick in spam


From: Jim Popovitch <jimpop () gmail com>
Date: Wed, 28 Oct 2015 15:28:08 -0400

On Wed, Oct 28, 2015 at 3:44 AM, Octavio Alvarez
<octalnanog () alvarezp org> wrote:


On 10/27/2015 05:09 AM, Ian Smith wrote:

On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
<octalnanog () alvarezp org> wrote:

    On 26/10/15 11:38, Jürgen Jaritsch wrote:
    <snip>

    But it is originating all from different IP addresses. Who knows if
    this is an attack to get *@jdlabs.fr blocked from NANOG and is just
    getting its goal accomplished.



This is the part that's been bugging me.  Doesn't the NANOG server
implement SPF checking on inbound list mail? jdlabs.fr doesn't appear
to have an SPF record published.  It seems to me that these messages
should have been dropped during the connection.


That doesn't stop spam from hijacked accounts.

For this case, an account was compromised, apparently.

There was no account compromise, it was only oddball webservers that
were compromised and then used in a spam run where the From was set to
a nanog subscriber's email address.

What if after 6 messages in the last 5 minutes with the same or absent
'In-Reply-To' moves the account to moderation mode.

Easier said than implemented, though.


This is already under consideration, by me, for a mailman patch.
It's a good idea that has been around for a while and is well worth
having as an option.

-Jim P.
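
The throttle proposed in the thread (6 messages in 5 minutes with the same or absent In-Reply-To moves the sender to moderation), sketched as an added example; it is not Mailman code and not the patch mentioned above. The `PostThrottle` class, the `make_msg` helper, the example.org addresses and the reading that the 6th post trips the limit are assumptions.

```python
from collections import defaultdict, deque
from email import message_from_string
from email.utils import parseaddr

LIMIT, WINDOW = 6, 5 * 60   # 6 posts in 5 minutes, the figures from the thread

class PostThrottle:
    """Sliding window per (From address, In-Reply-To) pair."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # (sender, parent) -> arrival times
        self.moderated = set()           # senders switched to moderation

    def check(self, raw, received_at):
        """Return 'hold' or 'accept' for one raw RFC 5322 message.

        received_at is the list server's own arrival time in seconds; the
        Date header is set by the sender and is not trusted here.
        """
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if sender in self.moderated:
            return "hold"
        # A missing In-Reply-To maps to "", so a burst of new threads
        # shares one bucket, as the proposal asks.
        parent = (msg.get("In-Reply-To") or "").strip()
        q = self.seen[(sender, parent)]
        q.append(received_at)
        while received_at - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:         # assumption: the 6th post trips it
            self.moderated.add(sender)
            return "hold"
        return "accept"

def make_msg(sender, parent=None):
    """Build a constructed sample message (not real list traffic)."""
    hdrs = [f"From: Subscriber <{sender}>", "Subject: constructed sample"]
    if parent:
        hdrs.append(f"In-Reply-To: {parent}")
    return "\n".join(hdrs) + "\n\nbody\n"

if __name__ == "__main__":
    t = PostThrottle()
    for i in range(7):   # forged-From burst: 7 posts, 20 s apart, no parent
        print(i, t.check(make_msg("subscriber@example.org"), 1000 + 20 * i))
```

Replies to different parent messages land in separate buckets, so a subscriber answering several threads in quick succession is not held.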

