On 10/10/2014 06:59 PM, Martin Gregorie wrote:
On Fri, 2014-10-10 at 14:26 +0200, Axb wrote:
On 10/10/2014 01:46 PM, Martin Gregorie wrote:
I've recently noticed what may be a new spamming technique: sending mail
to Yahoo Groups with an invalid group name - since Yahoo! doesnt! seem!
to! use! SPF, this intentional backscatter gets delivered to the forged
recipient address with the payload in the returned message text.
There are two ways of recognising it:
- the List-id: header is set to <UnknownList.yahoogroups.com>
- the user part of the To address is alphanumeric soup
pls pastebin a sample
Here you go: http://pastebin.com/aqhcTZxH
I've replaced my address is these by example.com or example.isp.com but
the message is otherwise unchanged.
RW: you're right (just had another from Yahoo UK - I'm about to change
the rule to match UnknownList.yahoo
Benny: Yes they did - after all, how can they tell a bouncing message
due to a fatfingered address from one that was crafted to bounce?
The examples I've seen so far have apparently been equity pumping scams.
Is this also a common feature?
Thanks for the sample...
Was wondering why I didn't see any....
had an ancient Postfix header_check regex rule
/^X-Yahoo-Newman-Property: groups-bounce/ REJECT
(I have no use for Yahoogroups mail)
