Mark,
I don't think I've seen this behavior but I'll have to watch out for it.
Overall, I would oposit that they are sending legitimate traffic to mask
other bad emails at the same time in an attempt to change the signal to
noise ratios and/or to raise their domain/IP/system reputation.
And reading some of the other responses, because the emails are being
forwarded, I'm assuming that DKIM wouldn't pass and that you are using
DMARC so I don't think this is about the DKIM signatures. Do the emails
have a subject change like Fwd:? Are you DKIM signing anything like the
To and Cc headers?
Regards,
KAM
On 8/29/2024 12:58 PM, Mark Fletcher via mailop wrote:
Hi All, I run groups.io , an email groups hosting service, similar to
Google Groups. Over the past couple of years, we've had several
instances of the
Raptor Remark: Please be careful! This email is from an EXTERNAL
sender. Be aware of impersonation and credential theft.
Hi All,
I run groups.io <http://groups.io>, an email groups hosting service,
similar to Google Groups. Over the past couple of years, we've had
several instances of the following behavior:
- Someone controlling several Yahoo/Hotmail/Gmail accounts will sign
them up to mailing lists. Each address will sign up for 1-3 lists, via
email. These are all confirmed opt-in.
- Months later, they will forward the messages they've received from
these lists, unmodified, to many (seemingly) random people, all at once
What I'm trying to understand is what they're hoping to accomplish. I
suppose it could be a straight up harassment campaign against us or
the people they're forwarding the emails to. But I'm wondering if it's
something different. Are they trying to somehow increase sending
reputation for their email addresses, to increase their own spam email
deliverability (and if so, how would that work)? Or something else?
This is top of mind because it just happened again overnight. I have
some spammer detection systems in place, but much of that depends on
information gleaned from a web login.
Thanks,
Mark
RAPTOR REMARK: Alert! Please be careful! This email is from an EXTERNAL sender.
Be aware of impersonation and credential theft.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
