[AusNOG] Disturbing new spam trend?

Chris Prangnell chris.prangnell at gmail.com
Wed Oct 7 14:37:36 EST 2015


Your friend's mailserver needs TLS enabled. Then it would not have accepted
the mail.

Make sure your SPF record is updated in your DNS.

On 7 October 2015 at 13:55, Ross Wheeler <ausnog at rossw.net> wrote:

>
> On Tue, 6 Oct 2015, Scott Howard wrote:
>
>> The headers below this one are bogus.  It's nothing new - include some
>> additional headers, often actually taken from a real message but with the
>> timestamp (and sometimes, but not always, message-id) modified.
>
> Yep, seen those for many years...
>
>> In theory it makes the message seem more legitimate, and some very
>
> I'd figured that was the "justification".
>
>> broken anti-spam systems will follow down to what appears to be the last
>> legitimate header with public IP (which in this case is 202.3.36.15) and
>> then do a reputation check on that IP - which not surprisingly returns a
>> good reputation on every system I checked.
>
> Thanks to everyone for your input. I guess I was rattled when I saw what
> "appeared" to be my mail server hostname with what was clearly NOT my IP,
> and jumped quickly to the wrong conclusion without further pause for
> thought.
>
>
> R.



-- 
*Chris Prangnell*
*Sydney*
*+61449247557*
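
The header-walking behaviour Scott Howard describes in the quoted text, shown next to a check that only trusts the receiving server's own stamp. This is an added example, not part of the original thread; the hostnames, the sample headers and the documentation-range IP addresses are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. Only the top Received line was written by the receiving
# MX (mx.example.net, hypothetical); the two below arrived with the message.
RAW = """\
Received: from unknown (HELO mail.victim.example) (203.0.113.77)
 by mx.example.net with SMTP; Wed, 7 Oct 2015 10:00:00 +1100
Received: from mail.victim.example (mail.victim.example [198.51.100.15])
 by relay.isp.example with ESMTP; Wed, 7 Oct 2015 09:59:00 +1100
Received: from [10.1.2.3] by mail.victim.example; Wed, 7 Oct 2015 09:58:00 +1100
Subject: constructed sample
"""
MSG = message_from_string(RAW)
TRUSTED = {"mx.example.net"}  # hosts whose Received stamps we control
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BY = re.compile(r"\bby\s+([^\s;]+)", re.I)

def public_ips(text):
    """Return IPv4 literals in text that are not RFC 1918 or loopback."""
    out = []
    for tok in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(tok)
        except ValueError:
            continue
        if not any(ip in net for net in INTERNAL):
            out.append(tok)
    return out

def naive_origin(msg):
    """Broken approach: trust the deepest header that carries a public IP."""
    found = [ip for h in msg.get_all("Received", []) for ip in public_ips(h)]
    return found[-1] if found else None

def boundary_origin(msg, trusted):
    """Walk down from the top; stop at the first stamp we did not write."""
    for h in msg.get_all("Received", []):
        m = BY.search(h)
        if not m or m.group(1).lower() not in trusted:
            return None
        ips = public_ips(h[:m.start()])
        if ips:
            return ips[-1]  # peer address recorded by our own host
    return None
```

Because `boundary_origin` returns at the first external peer address, a sender-supplied header lower in the chain is never consulted, even if it names the trusted host in its `by` clause.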