On Wed, Oct 28, 2015 at 3:44 AM, Octavio Alvarez <octalna...@alvarezp.org> wrote:
>
> On 10/27/2015 05:09 AM, Ian Smith wrote:
>>
>> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
>> <octalna...@alvarezp.org <mailto:octalna...@alvarezp.org>> wrote:
>>
>> On 26/10/15 11:38, Jürgen Jaritsch wrote:
>> <snip>
>>
>> But it is originating all from different IP addresses. Who knows if
>> this is an attack to get *@jdlabs.fr <http://jdlabs.fr/> blocked from
>> NANOG and is just getting its goal accomplished.
>>
>> This is the part that's been bugging me. Doesn't the NANOG server
>> implement SPF checking on inbound list mail? jdlabs.fr
>> <http://jdlabs.fr> doesn't appear to have an SPF record published. It
>> seems to me that these messages should have been dropped during the
>> connection.
>
> That doesn't stop spam from hijacked accounts.
>
> For this case, an account was compromised, apparently.

There was no account compromise; it was only oddball webservers that were compromised and then used in a spam run where the From was set to a nanog subscriber's email address.

> What if after 6 messages in the last 5 minutes with the same or absent
> 'In-Reply-To' moves the account to moderation mode.
>
> Easier said than implemented, though.
>

This is already under consideration, by me, for a mailman patch. It's a good idea that has been around for a while and is well worth having as an option.

-Jim P.
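
The rate rule proposed in the quoted text above (6 messages in 5 minutes with the same or absent In-Reply-To), as an added Python example; it is not code from this thread or from Mailman. The names FloodModerator, observe and make_post, the use of server arrival time, and tripping on the sixth message are assumptions.

```python
from collections import defaultdict, deque
from email import message_from_string
from email.utils import parseaddr

WINDOW_SECONDS = 5 * 60   # "the last 5 minutes"
THRESHOLD = 6             # "6 messages"; assumed: the sixth one trips the rule


class FloodModerator:
    """Per-sender sliding window keyed on the In-Reply-To value."""

    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.recent = defaultdict(deque)   # sender -> (arrival, in_reply_to)
        self.moderated = set()

    def observe(self, raw_message, arrival):
        """Record one post; return True if the sender is (now) moderated.

        `arrival` is the list server's own receive time in seconds, not the
        Date header, which the sender controls.
        """
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        # Absent header -> None, so all thread-starting posts share one bucket.
        ref = (msg.get("In-Reply-To") or "").strip() or None

        q = self.recent[sender]
        q.append((arrival, ref))
        # Drop entries that have aged out of the window.
        while q and q[0][0] <= arrival - self.window:
            q.popleft()

        same = sum(1 for _, r in q if r == ref)
        if same >= self.threshold:
            self.moderated.add(sender)
        return sender in self.moderated


def make_post(sender, in_reply_to=None):
    """Build a constructed sample message (not real list traffic)."""
    headers = [f"From: {sender}", "To: list@example.org", "Subject: test"]
    if in_reply_to:
        headers.append(f"In-Reply-To: {in_reply_to}")
    return "\n".join(headers) + "\n\nbody\n"
```

The rule keys on the From header, which the reply above notes was set by the spam run to a subscriber's address, so tripping it moderates that subscriber's address rather than the sending hosts.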