Dňa 5. decembra 2022 21:57:42 UTC používateľ "Gellner, Oliver via mailop" <mailop@mailop.org> napísal:
>The reason for this might be that most report addresses are parsed by scripts, >not read by humans, and the scripts aren’t subsceptible to buy the advertised >products. The spammers would need to create spam content in valid DMARC or >TLSRPT formats, ie insert the spam messages as values into the XML / JSON >tags, so that eventually a human reads it. This sounds like a lot of extra >work with little benefit. Perhaps, but i am (my MTA) getting SPAMs to Mozilla MID like addresses for years. Recently i start to get SPAMs to names not common in our country (our country TLD), including English service accounts (invoice, or so) and even to our XMPP's JIDs (which newer had email account), etc, etc. In other words, by my experiences, the spammers are able to try anything what at least looks as valid email address, scraped from anywhere... Thus why not try those report addresses? I do not complain, i am only surprised... I will guess, that multiple (many?) small/personal MTAs will have these reports enabled, but have parsing triggered manualy, as there are multiple tools for that, eg. on github... >To test the script with other TLS reports you can try to get the mailservers >of mail.ru, Socketlabs or companies that use MDaemon to send emails to you.... I am not as interested in these reports. After i will get some other than from google and it fails to parse, it will wait in queue for some days, thus i can fix/improve my script, as i did with DMARC reports, which i initaly did on RFC base and then i lower my (or script's) expectations. Now it works and i do not remember when it fails last -- many months ago. regards -- Slavko https://www.slavino.sk/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
