On 10/17/2017 11:45 AM, Dimitri Maziuk wrote:
If these actually exist, my spamassassin has been delivering to /dev/null for quite some time now. My impression is they largely died off, possibly thanks to adoption of SPF.
If these actually exist? - I'm talking about someone configuring their old email address to forward to their new email address. - I just happened to extrapolate out further. I.e. old college email forwards to Yahoo, which forwards to Gmail, etc. - I suspect the single level forwarding is quite common.
Are we talking about the same thing? I.e. .forward files? Or are you thinking something more nefarious?
Now it is much easier and cheaper to send spam from botnets of perfectly legitimate pwn3d peecees. Or to anonymously register a perfectly valid domain (e.g. tnеtсоnsulting.net -- there's 3 "language-specific script" chars in there), add all the DMARC embellishments, and send perfectly compliant spam as gtaylor from there.
I scowl at you sir. I dislike being the example. But I think what you did is quite neat and perfectly valid example. Nicely played sir.
I actually have no idea how to defend against such attacks, save for registering all such permutations.
I wonder how some such language-specific script characters would show up in logs. Especially ASCII without UTF support.
For bonus points, pay with stolen credit card number and have your spam campaign all done by the time visa fraud department calls you domain registar.
/me wonders what color Dimitri's hat is. ;-) #knowtheyenemy -- Grant. . . . unix || die
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
