[185575] in North American Network Operators' Group


Re: AW: Uptick in spam

daemon@ATHENA.MIT.EDU (Octavio Alvarez)
Wed Oct 28 03:44:08 2015

X-Original-To: nanog@nanog.org
To: Ian Smith <ian.w.smith@gmail.com>
From: Octavio Alvarez <octalnanog@alvarezp.org>
Date: Wed, 28 Oct 2015 00:44:04 -0700
In-Reply-To: <CALeqL2exq_iLrVQWztJFD1EuiG+jdNgYpQjS2p8ZirH8UagZ_w@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org



On 10/27/2015 05:09 AM, Ian Smith wrote:
> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
> <octalnanog@alvarezp.org> wrote:
>
>     On 26/10/15 11:38, Jürgen Jaritsch wrote:
>     <snip>
>
>     But it is originating all from different IP addresses. Who knows if this
>     is an attack to get *@jdlabs.fr blocked from NANOG and is just getting
>     its goal accomplished.
>
>
>
> This is the part that's been bugging me.  Doesn't the NANOG server
> implement SPF checking on inbound list mail? jdlabs.fr doesn't appear to
> have an SPF record published.  It seems to me that these messages should
> have been dropped during the connection.

That doesn't stop spam from hijacked accounts.

For this case, an account was compromised, apparently. What if, after 6
messages in the last 5 minutes with the same or absent 'In-Reply-To',
the account is moved to moderation mode?

Easier said than implemented, though.
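
The heuristic proposed in the message above, as an added example that is not part of the original post and is not Mailman or NANOG list code. The class name `BurstModerator`, the helper `make_post`, and the choice that the 6th matching post trips moderation are assumptions; state is kept in memory only.

```python
from collections import defaultdict, deque
from email import message_from_string
from email.utils import parseaddr

THRESHOLD = 6         # messages (figure from the post)
WINDOW_SECONDS = 300  # 5 minutes (figure from the post)


class BurstModerator:
    """Hypothetical helper: flags senders who burst-post into one thread bucket."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self._seen = defaultdict(deque)  # (sender, In-Reply-To) -> arrival times
        self.moderated = set()

    def observe(self, raw_message, received_at):
        """Record one post; return True if the sender is now in moderation.

        received_at is the list server's own arrival time in seconds, not the
        Date header, which the sender controls.
        """
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if sender in self.moderated:
            return True
        irt = msg.get("In-Reply-To")
        # An absent In-Reply-To is one shared bucket (None) per sender.
        key = (sender, irt.strip() if irt else None)
        times = self._seen[key]
        times.append(received_at)
        # Drop arrivals that have aged out of the window.
        while received_at - times[0] > self.window:
            times.popleft()
        if len(times) >= self.threshold:  # assumption: the 6th post trips it
            self.moderated.add(sender)
        return sender in self.moderated


def make_post(sender, in_reply_to=None):
    """Build a constructed sample message (not real list traffic)."""
    headers = f"From: {sender}\nSubject: sample\n"
    if in_reply_to:
        headers += f"In-Reply-To: {in_reply_to}\n"
    return headers + "\nbody\n"
```

A subscriber replying to six different threads within five minutes is not flagged, because each distinct In-Reply-To value is counted separately.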

