Hi Hans-Martin, > looks like someone on this list had their PC and/or mailbox hacked, I got a > "reply" to one of my mails trying to make me open some link (probably > malware). This stuff is pretty common, but it feels a bit weird that it > happened through someone who's active in anti-abuse and presumably not a noob > :-)
I received a similar message on Monday supposedly ‘in reply to’ a message I sent to the list nearly two years ago. It may not be a list subscriber’s mailbox that has been hacked, it may just be using a public archive of the list. Whilst the “real name” in the From: field was indeed the person I was replying to at the time (Suresh), the sender’s email address did not match the name. In my case the spam message originated from: > Received: from beatingart.com ([62.113.107.99]) The sending IP address matches the SPF record for beatingart.com and from a quick check doesn’t seem to be on the major block lists, so it could well be a user in that domain has been compromised via phishing or some other means… I must admit I had just deleted the message at the time, but perhaps worth following up with <ab...@ionos.com>, assuming your message matches the details of mine. Cheers, Rob -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
