nanog mailing list archives

Re: more FUSSPs, Uptick in spam

From: "John Levine" <johnl () iecc com>
Date: 27 Oct 2015 14:53:36 -0000

You can argue that envelope header forgery is irrelevant, and that corner
cases don't matter.  But I think this latest incident provides a good
counterexample that it does matter.  And it's easy to fix, so why not fix
it?


Why do you think that the envelope addresses in the spam bore any
relation to the address in the From header?  The from comments (the
so-called friendly name) were randomized, and they came from
compromised servers all over the world, so I'd expect the envelope
addresses to be similarly random.

SPF has some value for some heavily forged domains, but that's about it.

R's,
John

Current thread:

Re: AW: Uptick in spam, (continued)
- - - Re: AW: Uptick in spam John Levine (Oct 27)
    - Re: AW: Uptick in spam Valdis . Kletnieks (Oct 27)
    - Re: Uptick in spam Jutta Zalud (Oct 27)
    - Re: Uptick in spam Ian Smith (Oct 27)
    - Re: Uptick in spam Rich Kulawiec (Oct 27)
    - Re: Uptick in spam Ian Smith (Oct 27)
    - Re: Uptick in spam Colin Johnston (Oct 27)
    - Re: Uptick in spam anthony kasza (Oct 27)
    - Re: Uptick in spam Rich Kulawiec (Oct 27)
    - Re: Uptick in spam Peter Beckman (Oct 27)
    - Re: more FUSSPs, Uptick in spam John Levine (Oct 27)
    - Re: more FUSSPs, Uptick in spam Ian Smith (Oct 27)
    - Re: Uptick in spam Connor Wilkins (Oct 27)
    - Re: Uptick in spam Octavio Alvarez (Oct 28)
    - Re: AW: Uptick in spam Octavio Alvarez (Oct 28)
    - Re: AW: Uptick in spam Jim Popovitch (Oct 28)
- RE: Uptick in spam Klimakhin, Kirill (Oct 26)
- Re: Uptick in spam Paras (Oct 26)
  - Re: Uptick in spam Ian Smith (Oct 26)
    - RE: Uptick in spam Steve Mikulasik (Oct 26)
    - Re: Uptick in spam Andrew Kirch (Oct 26)

(Thread continues...)