Re: Spamming of NANOG list members

[Sandra Murphy <sandy () tislabs com>]

Mine came 21 May.  It was a .doc.  

Sent from charter.net, with the user portion of the sender very similar to a nanog contributor.

And it arrived oddly coincident with my visit to the cvent registration page.  Any others who had that coincidence?

—Sandy


> On May 23, 2019, at 5:39 PM, Richard <rgolodner () infratection com> wrote:
>
> On 5/23/19 4:16 PM, Matt Harris wrote:
> > On Thu, May 23, 2019 at 4:13 PM Hansen, Christoffer <christoffer () netravnen de> wrote:
> > Appreciate the warning!
> >
> > On 23/05/2019 19:46, Valerie Wittkop wrote:
> > > These messages are not flowing through NANOG servers, nor using the NANOG domain. They are not messages coming 
> > > from the NANOG organization. Please be aware if you receive a message matching this description and always make 
> > > sure to scan attachments for a virus.
> >
> > The one I received looked like this:
> >
> > > From: "NANOG" <service () cegips pl>
> >
> > ...
> >
> > Has it been considered switching to "-all", instead of only "~all" in
> > the spf record?
> >
> > > $ dig +short +nocmd +nocomments TXT nanog.org
> > > "v=spf1 include:_spf.google.com ip4:104.20.199.50 ip4:104.20.198.50  ip4:50.31.151.75 ip4:50.31.151.76 
> > > ip6:2001:1838:2001:8::19 ip6:2001:1838:2001:8::20 ip6:2400:cb00:2048:1::6814:c632 ip6:2400:cb00:2048:1::6814:c732 
> > > ~all"
> >
> >         -Christoffer
> >
> > The SPF record wouldn't make a difference since that email was sent from @cegips.pl, not from @nanog.org.  You'd 
> > have to change the SPF record for the cegips.pl domain to impact their ability to send from that address.  
> The one I received was from rainphil.com and came with an ugly Trojan attached as a PDF. 
>
> Has anyone else received this type or am I just fortunate?
>
> Richard Golodner