Hi all, a couple of weeks ago we experienced a DKIM replay attack that used one of our domains. Since then, all emails coming from our systems have oversigned From:, To:, and Subject: headers to prevent that from happening.
However, today in Google Postmaster Tools we again found a bunch of bad IPs that do not belong to us, and I suspect that a similar attack may be the cause of this. Does anyone have any samples of spam mail sent from any of these IP addresses:

151.1.159.74-151.1.159.76
151.1.159.78-151.1.159.79
208.64.224.61-208.64.224.62
212.83.139.231
212.83.141.247
212.83.144.84
212.83.144.207
212.83.161.32
216.24.251.204-216.24.251.206

It would be really helpful to look at the headers to understand how the spammers manage to bypass DKIM validation in this case.

Best,
Edgar Vaitkevičius, founder / CEO
ed...@sender.net
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
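Added example, not part of the original post: one way to check a collected sample for the oversigning the post describes, by comparing how often From, To and Subject are listed in the `h=` tag of each DKIM-Signature with how often they occur in the message. The sample message, the domain `example.com`, the selector `s1` and the function names are constructed for illustration.

```python
import email
from collections import Counter

# Constructed sample message (not real traffic); domain and selector are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1;\r\n"
    " h=From:From:To:To:Subject:Date; bh=AAAA; b=BBBB\r\n"
    "From: Sender <news@example.com>\r\n"
    "To: rcpt@example.net\r\n"
    "Subject: Hello\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 +0000\r\n"
    "\r\n"
    "body\r\n"
)

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def oversign_report(raw, wanted=("from", "to", "subject")):
    """Return (d= domain, header, oversigned?) for every DKIM-Signature in raw.

    A header counts as oversigned when h= names it more often than it occurs
    in the message: the extra entry signs a "null" instance, so adding another
    copy of that header later invalidates the signature.
    """
    msg = email.message_from_string(raw)
    report = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        signed = Counter(h.lower() for h in tags.get("h", "").split(":") if h)
        for name in wanted:
            present = len(msg.get_all(name, []))
            report.append((tags.get("d"), name, signed[name] > present))
    return report

if __name__ == "__main__":
    for domain, header, ok in oversign_report(SAMPLE):
        print(f"d={domain} {header}: {'oversigned' if ok else 'NOT oversigned'}")
```

The check only inspects the `h=` list; it does not verify the signature itself, so it is meant to be read alongside the receiver's Authentication-Results for the same sample.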