-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=emaildl.att-
mail.com;
From: "AT&T "
Subject: AT&T Customer Awareness: Equifax Breach
You might want to change that DKIM signature to use relaxed/relaxed. We
are seeing dkim=fail reason="si
Way way coincidental that an old nanae regulars email is in the headers and
> The biggest clue for me was the gap in time stamps, as if something was
> periodically polling the original Gmail mailbox.
#NotAllClients
Especially not procmail feeding to a random spam reporting perl script which i
Most clients which support 'bounce' add resent headers.
This looks like dkim replay.
On Sep 29, 2017 9:51 AM, "Brian Godiksen"
wrote:
> This is a classic DKIM replay attack, no? I have the same message in the
> junk folder of one of my gmail mailboxes but using a different forged
> return path
This is a classic DKIM replay attack, no? I have the same message in the junk
folder of one of my gmail mailboxes but using a different forged return path.
I think strredwolf was just one of the victims in the replay attack reporting
the abuse.
-Brian
On Sep 29, 2017, at 3:33 AM, Suresh Rama
Mutt / pine call it a bounce - it just adds your own headers on top of the
original email’s and redirects it to a new address.
So the original recipient was strredwolf and he redirected it that way
--srs
> On 29-Sep-2017, at 9:05 AM, Grant Taylor wrote:
>
>> On Sep 28, 2017, at 8:25 PM, Sure