On Mon 06/Nov/2023 21:48:53 +0100 John R Levine wrote:
Low budget spam to the DMARC list that happened to fake my name and address on
the From: line.
If this happened more than once every five years, I might consider publishing a
DMARC policy.
That message had an AMSL Received: line which looks pretty authentic:
Received: from gal.iecc.com (gal.iecc.com
[IPv6:2001:470:1f07:1126:0:43:6f73:7461])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 12F3AC18E1BC
for <dmarc@ietf.org>; Mon, 6 Nov 2023 12:33:58 -0800 (PST)
For comparison, the one on the message I'm replying to:
Received: from gal.iecc.com (gal.iecc.com
[IPv6:2001:470:1f07:1126:0:43:6f73:7461])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id DBE44C18E1BC
for <dmarc@ietf.org>; Mon, 6 Nov 2023 12:48:57 -0800 (PST)
BTW, the original source seems to have been recently hacked, by looking at
https://www.abuseipdb.com/check/90.187.4.13 (Visiting that page I discovered
that I too had received one of their spam.)
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc