hg user via mailop <mailop@mailop.org> (Sat 25 Mar 2023 18:39:06 CET):
> A. extortion messages like "I recorded you doing bad things, pay me". Tons
> deleted, but some in the inboxes.
>
> B. phishing, some generic, some specific for our web mail interface. The
> latter, sometimes, carry our logo in the fake page...

A good share of such messages use the recipient's domain as sender. Proper
protection here can help.

Another share uses generally trusted domains. If you're lucky, these
trusted domains publish DMARC records.

Ok, and the last share uses non-DMARC domains OR From: headers like

    From: "your-b...@example.com" <hac...@example.net>

with stupid mail clients only showing the display part of the address.

> Almost 100% of B and most of A comes from hacked mailboxes, from university
> or government agencies, so standard MTAs that won't be blocked by NoListing
> nor greylisting.

Yes. We have the bsi.de (governmental agency for security and data
protection).

    $ dig _dmarc.bsi.de txt
    ; <<>> DiG 9.16.37-Debian <<>> txt _dmarc.bsi.de
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16687
                                           ********

They have SPF, but no DKIM (NXDOMAIN for the _domainkey.bsi.de)

Or did I miss something?

    Best regards from Dresden/Germany
    Kind regards from Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
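
Added example, not part of the original message: a small inbound filter check for two of the From: patterns described above, namely the recipient's own domain used as sender and a display name that carries a different address than the real one. The function names, finding labels, the `authenticated` flag (assumed to mean the message came in over an authenticated submission session) and all sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Matches something that looks like an address inside a display name
# and captures its domain part.
ADDR_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def domain_of(addr):
    """Lower-cased domain part of an addr-spec ('' if there is none)."""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_from(from_header, local_domains, authenticated=False):
    """Return a list of findings for one From: header value."""
    display, addr = parseaddr(from_header)
    real = domain_of(addr)
    if not addr or not real:
        return ["unparseable-from"]

    findings = []
    # Our own domain as sender, but the message did not come from an
    # authenticated session: outside mail claiming to be local.
    if real in local_domains and not authenticated:
        findings.append("own-domain-from-outside")

    # Display name shows an address whose domain differs from the real
    # addr-spec; clients that show only the display part hide the latter.
    for match in ADDR_IN_NAME.finditer(display):
        if match.group(1).lower() != real:
            findings.append("display-name-address-mismatch")
            break
    return findings


def scan(headers, local_domains):
    """Map each unauthenticated From: header to its findings, keeping hits only."""
    results = {h: classify_from(h, local_domains) for h in headers}
    return {h: f for h, f in results.items() if f}


# Constructed sample headers; example.org plays the role of the local domain.
SAMPLES = [
    '"ceo@example.org" <mallory@example.net>',
    "Helpdesk <helpdesk@example.org>",
    "Alice <alice@example.com>",
]
LOCAL = {"example.org"}
```

Findings like these are better used as scoring input or for quarantine than as a hard reject, since some legitimate senders also put an address in the display name.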