On 5/23/19 4:16 PM, Matt Harris wrote: > On Thu, May 23, 2019 at 4:13 PM Hansen, Christoffer > <christof...@netravnen.de <mailto:christof...@netravnen.de>> wrote: > > Appreciate the warning! > > On 23/05/2019 19:46, Valerie Wittkop wrote: > > These messages are not flowing through NANOG servers, nor using > the NANOG domain. They are not messages coming from the NANOG > organization. Please be aware if you receive a message matching > this description and always make sure to scan attachments for a virus. > > The one I received looked like this: > > > From: "NANOG" <serv...@cegips.pl <mailto:serv...@cegips.pl>> > > ... > > Has it been considered switching to "-all", instead of only "~all" in > the spf record? > > > $ dig +short +nocmd +nocomments TXT nanog.org <http://nanog.org> > > "v=spf1 include:_spf.google.com <http://spf.google.com> > ip4:104.20.199.50 ip4:104.20.198.50 ip4:50.31.151.75 > ip4:50.31.151.76 ip6:2001:1838:2001:8::19 ip6:2001:1838:2001:8::20 > ip6:2400:cb00:2048:1::6814:c632 ip6:2400:cb00:2048:1::6814:c732 ~all" > > -Christoffer > > > The SPF record wouldn't make a difference since that email was sent > from @cegips.pl <http://cegips.pl>, not from @nanog.org > <http://nanog.org>. You'd have to change the SPF record for the > cegips.pl <http://cegips.pl> domain to impact their ability to send > from that address. > The one I received was from _rainphil.com_ and came with an ugly Trojan attached as a PDF.
Has anyone else received this type or am I just fortunate? Richard Golodner
