[discuss] Might a more systematic approach be needed...?

Robert Guerra rguerra at privaterra.org
Tue May 23 15:21:06 UTC 2017


Carlos,

I’m also seeing this on other ICANN and IG related lists that i’m 
on.

it might be worthwhile for this, and other NGO communities to think 
about more systematic approach to report incidents (say an NGO CERT) and 
see if indeed there are best practice to prevent spam and other more 
nefarious types of attacks.

regards

Robert


--
Robert Guerra
Twitter: twitter.com/netfreedom
Email: rguerra at privaterra.org
PGP Keys : https://keybase.io/rguerra

On 23 May 2017, at 6:55, Carlos Afonso wrote:

> Incredible. This spam is appearing in nearly every mailman service I 
> am
> aware of (including ISOC's lists). It seems a vulnerability in the 
> mail
> agent which seems unable to handle this kind of spoofing (or missing
> some anti-spoofing config). It happens in our lists here at Nupef as 
> well.
>
> Most of these are coming from Vietnam's terminal broadband addresses. 
> I
> assume they do not block port 25 for end users.
>
> Below is the full header source of the spam. As the domain 1net.org is
> under APNIC, I am also copying to Arth.
>
> frt rgds
>
> --c.a.
>
> On 23-05-17 07:31, paf wrote:
> From - Tue May 23 07:44:58 2017
> X-Account-Key: account1
> X-UIDL: 0002fe7154ffae3d
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> X-Mozilla-Keys:
>
> Return-Path: <discuss-bounces at 1net.org>
> Delivered-To: ca at cafonso.ca
> Received: from localhost (localhost [127.0.0.1])
> 	by email.nupef.org.br (Postfix) with ESMTP id 08EDA14A674
> 	for <ca at cafonso.ca>; Tue, 23 May 2017 07:32:35 -0300 (BRT)
> X-Virus-Scanned: Debian amavisd-new at email.nupef.org.br
> X-Spam-Flag: NO
> X-Spam-Score: 1.495
> X-Spam-Level: *
> X-Spam-Status: No, score=1.495 tagged_above=1 required=4.5
> 	tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001,
> 	HTML_IMAGE_ONLY_24=1.618, HTML_IMAGE_RATIO_02=0.437,
> 	HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347,
> 	T_RP_MATCHES_RCVD=-0.01, URI_TRY_3LD=0.001]
> 	autolearn=no autolearn_force=no
> Received: from email.nupef.org.br ([127.0.0.1])
> 	by localhost (email.nupef.org.br [127.0.0.1]) (amavisd-new, port 
> 10024)
> 	with ESMTP id FNl4YrmHzOoV for <ca at cafonso.ca>;
> 	Tue, 23 May 2017 07:32:31 -0300 (BRT)
> Received: from 1net-mail.1net.org (1net-mail.1net.org
> [IPv6:2a01:7e00::f03c:91ff:fedb:250a])
> 	by email.nupef.org.br (Postfix) with ESMTPS id 0CA20148749
> 	for <ca at cafonso.ca>; Tue, 23 May 2017 07:32:30 -0300 (BRT)
> Received: from localhost ([::1] helo=1net-mail.1net.org)
> 	by 1net-mail.1net.org with esmtp (Exim 4.80.1)
> 	(envelope-from <discuss-bounces at 1net.org>)
> 	id 1dD76s-0003zu-Pe; Tue, 23 May 2017 10:32:14 +0000
> Received: from [14.176.142.144] (helo=static.vnpt.vn)
> 	by 1net-mail.1net.org with esmtp (Exim 4.80.1)
> 	(envelope-from <qaukb at static.vnpt.vn>) id 1dD76o-0003zT-WA
> 	for discuss at 1net.org; Tue, 23 May 2017 10:32:13 +0000
> From: "paf" <paf at frobbit.se>
> To: "discuss" <discuss at 1net.org>
> Date: Tue, 23 May 2017 06:31:48 -0400
> Message-ID: <1753787746.20170523133148 at frobbit.se>
> MIME-Version: 1.0
> X-1net-SpamScore: 21.3 (+++++++++++++++++++++)
> Subject: [discuss] =?utf-8?q?=E2=9D=A3some_new_stuff?=
> X-BeenThere: discuss at 1net.org
> X-Mailman-Version: 2.1.12
> Precedence: list
> List-Id: <discuss.1net.org>
> List-Unsubscribe: <http://1net-mail.1net.org/mailman/options/discuss>,
> 	<mailto:discuss-request at 1net.org?subject=unsubscribe>
> List-Archive: <http://1net-mail.1net.org/pipermail/discuss/>
> List-Post: <mailto:discuss at 1net.org>
> List-Help: <mailto:discuss-request at 1net.org?subject=help>
> List-Subscribe: <http://1net-mail.1net.org/mailman/listinfo/discuss>,
> 	<mailto:discuss-request at 1net.org?subject=subscribe>
> Content-Type: multipart/mixed;
> boundary="===============3320793257203812010=="
> Sender: discuss-bounces at 1net.org
> Errors-To: discuss-bounces at 1net.org
>
> --===============3320793257203812010==
> Content-Type: multipart/alternative;
>         boundary="_2C237DC2-DA16-4DDF-A725-EC67FFD0D977_"
>
>
> -- 
>
> Carlos A. Afonso
> [emails são pessoais exceto quando explicitamente indicado em 
> contrário]
> [emails are personal unless explicitly indicated otherwise]
>
> Instituto Nupef - https://nupef.org.br
> CGI.br - http://cgi.br
> ISOC-BR - https://isoc.org.br
>
>
>
> _______________________________________________
> discuss mailing list
> discuss at 1net.org
> http://1net-mail.1net.org/mailman/listinfo/discuss



More information about the discuss mailing list