Hi Todd, We are seeing the same thing at Fastmail. We are putting various mitigations in place and some of our domains reputation has revovered but are still having issues with the domain reputation of a number of our domains. Does the group have any experience/advice in how to expediate the recovery of domain reputations.
On Wed, 6 Apr 2022, at 6:04 AM, Todd Herr via mailop wrote: > > On Tue, Apr 5, 2022 at 6:35 AM Cyril - ImprovMX via mailop > <[email protected]> wrote: >> >> After a discussion with OVH about this potential issue, I discovered that >> the problem was worst than that. By comparing all the emails from >> Spamcop.net reports, I discovered that they were from a few emails, but >> then, they had new headers added on top. This included a new "To", "Subject" >> and "Date" header. An email sent 4 days ago was sent again, with an updated >> date. The initial "Subject" was basic things like "hello" and the new >> Subject added at the top was more spammy (the typical horny stuff). >> >> Clearly, someone used the reputation of ImprovMX.com to deliver emails by >> forging them before delivery. >> > > What you're describing sounds exactly like a DKIM replay attack. > > Socketlabs, among others, have some ideas on how to mitigate such things. > Perhaps you might find those ideas useful - > https://www.socketlabs.com/blog/dkim-replay-attacks-preventive-measures-to-protect-email-deliverability/ > > -- > > > *Todd Herr *** | Technical Director, Standards and Ecosystem > *e:* [email protected] > *m:* 703.220.4153 > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized recipient > you are hereby notified of any use, disclosure, copying or distribution of > the information included in this transmission is prohibited and may be > unlawful. Please immediately notify the sender by replying to this email and > then delete it from your system. > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop > -- Marc Bradshaw - Deliverability/Abuse at Fastmail [email protected] | @marcbradshaw <https://twitter.com/marcbradshaw>
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
