[discuss] Might a more systematic approach be needed...?

Carlos Afonso ca at cafonso.ca
Tue May 23 15:48:34 UTC 2017


Thanks, Bob. In our case, we report directly to the Brazilian CERT. In
most cases/counries/regions there are already support centers in place
to approach.

frt rgds

--c.a.

On 23-05-17 12:21, Robert Guerra wrote:
> Carlos,
> 
> I’m also seeing this on other ICANN and IG related lists that i’m on.
> 
> it might be worthwhile for this, and other NGO communities to think
> about more systematic approach to report incidents (say an NGO CERT) and
> see if indeed there are best practice to prevent spam and other more
> nefarious types of attacks.
> 
> regards
> 
> Robert
> 
> 
> -- 
> Robert Guerra
> Twitter: twitter.com/netfreedom
> Email: rguerra at privaterra.org
> PGP Keys : https://keybase.io/rguerra
> 
> On 23 May 2017, at 6:55, Carlos Afonso wrote:
> 
>> Incredible. This spam is appearing in nearly every mailman service I am
>> aware of (including ISOC's lists). It seems a vulnerability in the mail
>> agent which seems unable to handle this kind of spoofing (or missing
>> some anti-spoofing config). It happens in our lists here at Nupef as
>> well.
>>
>> Most of these are coming from Vietnam's terminal broadband addresses. I
>> assume they do not block port 25 for end users.
>>
>> Below is the full header source of the spam. As the domain 1net.org is
>> under APNIC, I am also copying to Arth.
>>
>> frt rgds
>>
>> --c.a.
>>
>> On 23-05-17 07:31, paf wrote:
>> From - Tue May 23 07:44:58 2017
>> X-Account-Key: account1
>> X-UIDL: 0002fe7154ffae3d
>> X-Mozilla-Status: 0001
>> X-Mozilla-Status2: 00000000
>> X-Mozilla-Keys:
>>
>> Return-Path: <discuss-bounces at 1net.org>
>> Delivered-To: ca at cafonso.ca
>> Received: from localhost (localhost [127.0.0.1])
>>     by email.nupef.org.br (Postfix) with ESMTP id 08EDA14A674
>>     for <ca at cafonso.ca>; Tue, 23 May 2017 07:32:35 -0300 (BRT)
>> X-Virus-Scanned: Debian amavisd-new at email.nupef.org.br
>> X-Spam-Flag: NO
>> X-Spam-Score: 1.495
>> X-Spam-Level: *
>> X-Spam-Status: No, score=1.495 tagged_above=1 required=4.5
>>     tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001,
>>     HTML_IMAGE_ONLY_24=1.618, HTML_IMAGE_RATIO_02=0.437,
>>     HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347,
>>     T_RP_MATCHES_RCVD=-0.01, URI_TRY_3LD=0.001]
>>     autolearn=no autolearn_force=no
>> Received: from email.nupef.org.br ([127.0.0.1])
>>     by localhost (email.nupef.org.br [127.0.0.1]) (amavisd-new, port
>> 10024)
>>     with ESMTP id FNl4YrmHzOoV for <ca at cafonso.ca>;
>>     Tue, 23 May 2017 07:32:31 -0300 (BRT)
>> Received: from 1net-mail.1net.org (1net-mail.1net.org
>> [IPv6:2a01:7e00::f03c:91ff:fedb:250a])
>>     by email.nupef.org.br (Postfix) with ESMTPS id 0CA20148749
>>     for <ca at cafonso.ca>; Tue, 23 May 2017 07:32:30 -0300 (BRT)
>> Received: from localhost ([::1] helo=1net-mail.1net.org)
>>     by 1net-mail.1net.org with esmtp (Exim 4.80.1)
>>     (envelope-from <discuss-bounces at 1net.org>)
>>     id 1dD76s-0003zu-Pe; Tue, 23 May 2017 10:32:14 +0000
>> Received: from [14.176.142.144] (helo=static.vnpt.vn)
>>     by 1net-mail.1net.org with esmtp (Exim 4.80.1)
>>     (envelope-from <qaukb at static.vnpt.vn>) id 1dD76o-0003zT-WA
>>     for discuss at 1net.org; Tue, 23 May 2017 10:32:13 +0000
>> From: "paf" <paf at frobbit.se>
>> To: "discuss" <discuss at 1net.org>
>> Date: Tue, 23 May 2017 06:31:48 -0400
>> Message-ID: <1753787746.20170523133148 at frobbit.se>
>> MIME-Version: 1.0
>> X-1net-SpamScore: 21.3 (+++++++++++++++++++++)
>> Subject: [discuss] =?utf-8?q?=E2=9D=A3some_new_stuff?=
>> X-BeenThere: discuss at 1net.org
>> X-Mailman-Version: 2.1.12
>> Precedence: list
>> List-Id: <discuss.1net.org>
>> List-Unsubscribe: <http://1net-mail.1net.org/mailman/options/discuss>,
>>     <mailto:discuss-request at 1net.org?subject=unsubscribe>
>> List-Archive: <http://1net-mail.1net.org/pipermail/discuss/>
>> List-Post: <mailto:discuss at 1net.org>
>> List-Help: <mailto:discuss-request at 1net.org?subject=help>
>> List-Subscribe: <http://1net-mail.1net.org/mailman/listinfo/discuss>,
>>     <mailto:discuss-request at 1net.org?subject=subscribe>
>> Content-Type: multipart/mixed;
>> boundary="===============3320793257203812010=="
>> Sender: discuss-bounces at 1net.org
>> Errors-To: discuss-bounces at 1net.org
>>
>> --===============3320793257203812010==
>> Content-Type: multipart/alternative;
>>         boundary="_2C237DC2-DA16-4DDF-A725-EC67FFD0D977_"
>>
>>
>> -- 
>>
>> Carlos A. Afonso
>> [emails são pessoais exceto quando explicitamente indicado em contrário]
>> [emails are personal unless explicitly indicated otherwise]
>>
>> Instituto Nupef - https://nupef.org.br
>> CGI.br - http://cgi.br
>> ISOC-BR - https://isoc.org.br
>>
>>
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at 1net.org
>> http://1net-mail.1net.org/mailman/listinfo/discuss
> 

-- 

Carlos A. Afonso
[emails são pessoais exceto quando explicitamente indicado em contrário]
[emails are personal unless explicitly indicated otherwise]

Instituto Nupef - https://nupef.org.br
CGI.br - http://cgi.br
ISOC-BR - https://isoc.org.br





More information about the discuss mailing list