[Mailman-Users] cause of bounces
Grant Taylor
gtaylor at tnetconsulting.net
Tue Oct 17 18:36:22 EDT 2017
On 10/17/2017 11:45 AM, Dimitri Maziuk wrote:
> If these actually exist, my spamassassin has been delivering to
> /dev/null for quite some time now. My impression is they largely died
> off, possibly thanks to adoption of SPF.
If these actually exist? - I'm talking about someone configuring their
old email address to forward to their new email address. - I just
happened to extrapolate out further. I.e. old college email forwards to
Yahoo, which forwards to Gmail, etc. - I suspect the single level
forwarding is quite common.
Are we talking about the same thing? I.e. .forward files? Or are you
thinking something more nefarious?
> Now it is much easier and cheaper to send spam from botnets of perfectly
> legitimate pwn3d peecees. Or to anonymously register a perfectly valid
> domain (e.g. tnеtсоnsulting.net -- there's 3 "language-specific script"
> chars in there), add all the DMARC embellishments, and send perfectly
> compliant spam as gtaylor from there.
I scowl at you sir. I dislike being the example. But I think what you
did is quite neat and perfectly valid example. Nicely played sir.
I actually have no idea how to defend against such attacks, save for
registering all such permutations.
I wonder how some such language-specific script characters would show up
in logs. Especially ASCII without UTF support.
> For bonus points, pay with stolen credit card number and have your spam
> campaign all done by the time visa fraud department calls you domain
> registar.
/me wonders what color Dimitri's hat is. ;-) #knowtheyenemy
--
Grant. . . .
unix || die
More information about the Mailman-Users
mailing list