[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Spammers go personal

On 24. 05. 2017 00:04, Joel Rees wrote:
> Only you can tell, from the headers, and from your own setup, whether the
> junk-fraudmailers just spoofed your address or actually used your computer
> to send it.

For what is worth: a few hours ago I've received several mails that look

They are seemingly sent from valid Gmail accounts (received by my
inbound SMTP from Google outbound servers and authenticated via SPF and
DKIM). They all contain an angry/sad reply on top of a quoted spam
message. My email and name is quoted as the original author of the spam
message. The spam message looks similar to what Fungi4All quoted.

The interesting part is that all the mails have a In-Reply-To and
References headers. These headers contain message ID from one of my
previous mails to debian-user.

I see no indications in my server's log files that the quoted spam
originated from my server.

My guess is that these were genuine replies from Gmail users to spam
sent with my address in a spoofed From: field. Perhaps someone figured
out that using Message IDs from valid mails allows them to circumvent
Google's spam and SPF/DKIM checks.

Best regards

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: