On Fri, 2014-10-10 at 14:26 +0200, Axb wrote: > On 10/10/2014 01:46 PM, Martin Gregorie wrote: > > I've recently noticed what may be a new spamming technique: sending mail > > to Yahoo Groups with an invalid group name - since Yahoo! doesnt! seem! > > to! use! SPF, this intentional backscatter gets delivered to the forged > > recipient address with the payload in the returned message text. > > > > There are two ways of recognising it: > > > > - the List-id: header is set to <UnknownList.yahoogroups.com> > > - the user part of the To address is alphanumeric soup > > > > pls pastebin a sample > > Here you go: http://pastebin.com/aqhcTZxH
I've replaced my address is these by example.com or example.isp.com but the message is otherwise unchanged. RW: you're right (just had another from Yahoo UK - I'm about to change the rule to match UnknownList.yahoo Benny: Yes they did - after all, how can they tell a bouncing message due to a fatfingered address from one that was crafted to bounce? The examples I've seen so far have apparently been equity pumping scams. Is this also a common feature? Martin
