[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf
Subject:    Re: Don't shoot the messenger... AOL is publishing DMARC p=reject as of today.
From:       mrex () sap ! com (Martin Rex)
Date:       2014-04-22 23:55:57
Message-ID: 20140422235557.3CE511ACDC () ld9781 ! wdf ! sap ! corp
[Download RAW message or body]

John Levine wrote:
> 
> In AOL's case, I presume it's because it's become painfully apparent
> that crooks are stealing vast numbers of AOL address books and
> spamming to them from the matching AOL user addresses. This is loudly
> slamming the barn door after the horse left.  Too bad for all the
> people whose feet were crushed as they did so.

I received spam EMail from a friend with @yahoo.com account on 26-Mar-2014
based on what appears to be a stolen address book.

It did not come through any yahoo mail servers, carried 19 additional 
email addresses from my friends address book in Cc: and contained an
URL to some aggressive advertisement site besides the first+last real name
of my friend (subject was also only my friends first+last name).

I don't know whether that site also served any malware along with the
aggressive advertisement, I opened it in a virtual environment with
a browser having active content disabled.  The advertisement was
shown in my local language (German) although I was the only German
among the visible recipients.


Btw. I can successfully send myself EMail with fake @yahoo.com in From:
to my work Email account (where I originally received that spam),
and there is no problem in receiving. (Our comany email does not seem
to perform any of the crazy DMARC processing).


-Martin

[prev in list] [next in list] [prev in thread] [next in thread]