[Mailman-Users] cause of bounces

Grant Taylor gtaylor at tnetconsulting.net
Tue Oct 17 18:36:22 EDT 2017


On 10/17/2017 11:45 AM, Dimitri Maziuk wrote:
> If these actually exist, my spamassassin has been delivering to
> /dev/null for quite some time now. My impression is they largely died
> off, possibly thanks to adoption of SPF.

If these actually exist?  -  I'm talking about someone configuring their 
old email address to forward to their new email address.  -  I just 
happened to extrapolate out further.  I.e. old college email forwards to 
Yahoo, which forwards to Gmail, etc.  -  I suspect the single level 
forwarding is quite common.

Are we talking about the same thing?  I.e. .forward files?  Or are you 
thinking something more nefarious?

> Now it is much easier and cheaper to send spam from botnets of perfectly
> legitimate pwn3d peecees. Or to anonymously register a perfectly valid
> domain (e.g. tnеtсоnsulting.net -- there's 3 "language-specific script"
> chars in there), add all the DMARC embellishments, and send perfectly
> compliant spam as gtaylor from there.

I scowl at you sir.  I dislike being the example.  But I think what you 
did is quite neat and perfectly valid example.  Nicely played sir.

I actually have no idea how to defend against such attacks, save for 
registering all such permutations.

I wonder how some such language-specific script characters would show up 
in logs.  Especially ASCII without UTF support.

> For bonus points, pay with stolen credit card number and have your spam
> campaign all done by the time visa fraud department calls you domain
> registar.

/me wonders what color Dimitri's hat is.  ;-)  #knowtheyenemy



-- 
Grant. . . .
unix || die



More information about the Mailman-Users mailing list