On October 10, 2014 6:59:40 PM Martin Gregorie
Benny: Yes they did - after all, how can they tell a bouncing message due to a fatfingered address from one that was crafted to bounce?
the mailerdaemon is dkim signed, the attached msg is not signed, so its not sent from yahoo imho
The examples I've seen so far have apparently been equity pumping scams. Is this also a common feature?
Ahh note the isp send you a dsn back for undelivered, here the isp is really yahoo, hopefully i am right, anyway its yahoo spam, block the url in bounce msg attachment with clamav
