Heho, Yes; The benefit of this is also that you do not need your target to have any service you can subscribe on running; They just have to follow a proper mail setup. But I like you suggestion.
Would be any of the larger ESPs who is doing sender reputation by IP up for a test? .oO( I would like to do this in coordination, as I'd use some of my own IPs for this, and would prefer not to permanently burn the whole network... ) With best regards, Tobias -----Original Message----- From: mailop <[email protected]> On Behalf Of Ángel via mailop Sent: Saturday, 30 April 2022 20:47 To: [email protected] Subject: Re: [mailop] DMARC/TLSRPT to non-existing accounts/reflection and sender reputation That's an interesting attack. I initially thought you were going to describe placing a victim as your destination target which is something which is prevented by requiring the receiver to authorize them: https://www.rfc-editor.org/rfc/rfc7489.html#section-7.1 But this is getting a spamtrap to accept emails and treating them as intruding attempts. The onus should be on them to detect that they are the MX of the target domain, and thus the sender may be playing by the rules. Quite easy to notice if you start seeing in DMARC reports in your spamtrap, actually. But this doesn't mean that all spamtrap operators do that, or wouldn't be vulnerable to that. Note that you could perform a similar attack by subscribing a user to a number of mailing lists, promotions, etc. then changing your MX to a spamtrap, which would then blame the sender IP. Regards _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
