Thanks, but the attack is affecting another domain of ours (sendersrv.com): dig TXT _dmarc.sendersrv.com +short "v=DMARC1\;p=reject\;pct=100\;rua=mailto:ab...@sender.lt";
And Gmail completely ignores that. [image: Sender] Edgar Vaitkevičius, founder / CEO ed...@sender.net On Wed, Mar 2, 2022 at 12:35 PM Jarland Donnell via mailop < mailop@mailop.org> wrote: > If you change your DMARC to reject instead of quarantine, Google will > outright reject these. If you're looking at an attack this significant > in scope, it may be worth doing. > > root@gw:~# dig TXT _dmarc.sender.net +short > "v=DMARC1; p=quarantine; ruf=mailto:ab...@sender.net; pct=100" > > On 2022-03-02 02:08, Edgaras | SENDER via mailop wrote: > > Hi all, > > > > sorry, I can't describe the stupidity and incompetence of Gmail > > systems lately without resorting to expletives. Seriously everyone, > > see for yourselves. > > Gmail is now accepting mail from Spamhaus EDROP listed spam ranges: > > > > 176.56.220.0/24 [1] > > 176.56.221.0/24 [2] > > 176.56.222.0/24 [3] > > > > Which are all included here in > > https://www.spamhaus.org/sbl/query/SBL442803 > > > > None of those networks are included in our SPF, which has -all. > > From,To,CC,Subject,Date headers are all oversigned to prevent DKIM > > replay attacks. > > > > And yet Gmail still somehow accepts mail from these ranges, and thinks > > it's authenticated. > > > > Google, how much more of a stink there has to be for someone to pay > > attention to this issue? I did not publicize this issue on purpose - > > so that other spammers would not take advantage of this weakness in > > your spam filter. Do we have to announce this on Hacker News, Reddit > > and elsewhere? I don't think that it's only our domain's reputation > > being abused this way, and a lot of people are exposed to spam/scams, > > so we will have to go public if this does not get fixed urgently. > > > > PS: The following networks are also participating in this attack, so > > it's safe to presume they are under the control of the same spam gang, > > which operates the above-mentioned networks in DROP list. Spamhaus, I > > know you're on the list - feel free to escalate those listings to > > DROP: > > > > 103.110.248.0/24 [4] > > 103.110.249.0/24 [5] > > 103.110.251.0/24 [6] > > 103.205.17.0/24 [7] > > 103.205.18.0/24 [8] > > 103.205.19.0/24 [9] > > 103.217.82.0/24 [10] > > 162.251.248.0/24 [11] > > 162.251.249.0/24 [12] > > 162.251.250.0/24 [13] > > 162.251.251.0/24 [14] > > 162.251.252.0/24 [15] > > 162.251.253.0/24 [16] > > 162.251.254.0/24 [17] > > 162.251.255.0/24 [18] > > > > Edgar Vaitkevičius, founder / CEO > > ed...@sender.net > > > > > > > > Links: > > ------ > > [1] http://176.56.220.0/24 > > [2] http://176.56.221.0/24 > > [3] http://176.56.222.0/24 > > [4] http://103.110.248.0/24 > > [5] http://103.110.249.0/24 > > [6] http://103.110.251.0/24 > > [7] http://103.205.17.0/24 > > [8] http://103.205.18.0/24 > > [9] http://103.205.19.0/24 > > [10] http://103.217.82.0/24 > > [11] http://162.251.248.0/24 > > [12] http://162.251.249.0/24 > > [13] http://162.251.250.0/24 > > [14] http://162.251.251.0/24 > > [15] http://162.251.252.0/24 > > [16] http://162.251.253.0/24 > > [17] http://162.251.254.0/24 > > [18] http://162.251.255.0/24 > > _______________________________________________ > > mailop mailing list > > mailop@mailop.org > > https://list.mailop.org/listinfo/mailop > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
