Should point out.. they have a messy SPF record right now..
host -t TXT amazon.co.jp
amazon.co.jp descriptive text "v=spf1 include:amazon.com
include:spf-bma.mpme.jp include:amazon-spf.mrs.mpub.ne.jp -all"
host amazon-spf.mrs.mpub.ne.jp
Host amazon-spf.mrs.mpub.ne.jp not found: 3(NXDOMAIN)
But no reason to go to all the length of DMARC, when it is a lot easier
to stop this outbreak before that level..
Anyone can make a policy at SMTP level earlier for this outbreak.
If it doesn't come from an IP in the SPF record.. Or, you can simply
test the MAIL FROM and the PTR record..
On 2020-06-30 3:41 p.m., Brian Toresdahl wrote:
Not trying to be an apologist for Amazon (EC2?), but the domain has a
DMARC policy, so you could treat it at that level. Are your samples
failing authentication?
$ dig +short txt _dmarc.amazon.co.jp
"v=DMARC1; p=quarantine; pct=100;
rua=mailto:dmarc-repo...@bounces.amazon.com;
ruf=mailto:dmarc-repo...@bounces.amazon.com"
On Tue, Jun 30, 2020 at 12:25 PM Michael Peddemors via mailop
<mailop@mailop.org> wrote:
Just a friendly point out..
Return-Path: <q...@amazon.co.jp>
Received: from v118-27-72-15.thcj.static.cnode.io (HELO amazon.co.jp)
(118.27.72.15)
From: Amazon <q...@amazon.co.jp>
If you see a similar combination, you might just want to block it in the
SMTP layer..
We added it (amazon.co.jp) to our known sender forgery list(s), not
worth worrying about it TOO much, since it is already being tagged as
Spam, but the size of it is a bit startling..
Shows as..
X-Mailer: Microsoft Outlook 16.0
X-MagicMail-OS: Windows NT kernel
.. so it could simply be a widespread Windows infection, but
something seems unusual about this outbreak..
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
--
Brian Toresdahl
Product Management
brian.toresd...@nextroll.com
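An added example, not part of the thread or any poster's code: a minimal offline SPF evaluation showing why the NXDOMAIN include matters for the SMTP-level policy discussed above. Under RFC 7208 section 5.2 the dead include turns what would be a "fail" for 118.27.72.15 into "permerror", so the check falls back to the PTR. Only the amazon.co.jp record, the IP and the PTR come from the thread; the other two TXT records, the sender local part and the trusted PTR suffix are constructed assumptions.

```python
import ipaddress

# Constructed TXT data: only the amazon.co.jp record is from the thread.
# The two include targets that resolve carry made-up documentation ranges;
# the third is absent, mirroring the NXDOMAIN shown in the thread.
TXT = {
    "amazon.co.jp": "v=spf1 include:amazon.com include:spf-bma.mpme.jp "
                    "include:amazon-spf.mrs.mpub.ne.jp -all",
    "amazon.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "spf-bma.mpme.jp": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, txt=TXT):
    """Minimal RFC 7208 check_host supporting ip4, include and all only."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = QUALIFIERS.get(term[0])
        mech = term[1:] if qual else term
        qual = qual or "pass"
        if mech == "all":
            return qual
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return qual
        elif mech.startswith("include:"):
            inner = check_host(ip, mech[8:], txt)
            if inner == "pass":
                return qual
            if inner in ("none", "permerror"):
                return "permerror"  # RFC 7208 section 5.2: no record at target
        else:
            return "permerror"  # mechanism outside this sketch
    return "neutral"

def smtp_verdict(ip, ptr, mail_from, trusted_ptr_suffixes, txt=TXT):
    """Reject on SPF fail, or on permerror/none when the PTR is untrusted."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    spf = check_host(ip, domain, txt)
    ptr_ok = ptr.lower().rstrip(".").endswith(tuple(trusted_ptr_suffixes))
    if spf == "fail" or (spf in ("permerror", "none") and not ptr_ok):
        return spf, "reject"
    return spf, "accept"
```
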