On 10/27/2015 05:09 AM, Ian Smith wrote:
On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez <octalnanog@alvarezp.org <mailto:octalnanog@alvarezp.org>> wrote:
On 26/10/15 11:38, Jürgen Jaritsch wrote: <snip>
But it is originating all from different IP addresses. Who knows if this is an attack to get *@jdlabs.fr <http://jdlabs.fr/> blocked from NANOG and is just getting its goal accomplished.
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail? jdlabs.fr <http://jdlabs.fr> doesn't appear to have an SPF record published. It seems to me that these messages should have been dropped during the connection.
That doesn't stop spam from hijacked accounts. For this case, an account was compromised, apparently. What if after 6 messages in the last 5 minutes with the same or absent 'In-Reply-To' moves the account to moderation mode. Easier said than implemented, though.