Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Bill Cole
On 31 Aug 2017, at 11:35, Paul Smith wrote: On 31/08/2017 16:15, Benoit Panizzon wrote: Strange, today's active domain is: apparty.bid apparty.bid descriptive text "v=spf1 ip4: -all" We do check SPF, so why did this email pass? Is 'ip4:' equivalent to the whole IPv4 space? No, that's an inv

Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread xyTel Lists via mailop
sume on 8/30 for you as well? The entire period between, my domain received no mail from these domains. Frank -Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Benoit Panizzon Sent: Thursday, August 31, 2017 7:21 AM To: mailop@mailop.org Subject: [mailop] S

Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Luis E. Muñoz via mailop
On 31 Aug 2017, at 9:36, Grant Taylor via mailop wrote: On 08/31/2017 09:32 AM, Luis E. Muñoz via mailop wrote: I believe they misspelled "v=spf1 -all" Why would a spammer purposely use a SPF record that states that no email is sent? That seems like it would be the exact opposite of the ve

Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Grant Taylor via mailop
On 08/31/2017 09:32 AM, Luis E. Muñoz via mailop wrote: I believe they misspelled "v=spf1 -all" Why would a spammer purposely use a SPF record that states that no email is sent? That seems like it would be the exact opposite of the very thing they want to do. Is this some sort of techniqu

Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Paul Smith
On 31/08/2017 16:15, Benoit Panizzon wrote: Strange, today's active domain is: apparty.bid apparty.bid descriptive text "v=spf1 ip4: -all" We do check SPF, so why did this email pass? Is 'ip4:' equivalent to the whole IPv4 space? No, that's an invalid rule. Maybe your SPF checker is letting m

Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Luis E. Muñoz via mailop
On 31 Aug 2017, at 8:15, Benoit Panizzon wrote: > Hi Stefano > >> From my data I'd say that those MX are MX for PARKED domains at >> namecheap (I logged more than 1000 domains using that MX and randomly >> checking some of them, they are parked domains). >> >> I guess it can be safe to drop incomi

Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Benoit Panizzon
Hi Stefano > From my data I'd say that those MX are MX for PARKED domains at > namecheap (I logged more than 1000 domains using that MX and randomly > checking some of them, they are parked domains). > > I guess it can be safe to drop incoming email from a parked domain. Strange, today's active d

Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Paul Smith
On 31/08/2017 15:20, Benoit Panizzon wrote: Now I found one thing in common to those spam mails. All of them point to MX Records from: eforward1.registrar-servers.com. to eforward5.registrar-servers.com. run by a registrar service. Interestingly not the same used to register the domains in ques

Re: [mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Stefano Bagnara
On 31 August 2017 at 16:20, Benoit Panizzon wrote: > Hello > > Since a couple of days we get a lot of spam from randomly changing > domains under gtld bid. faith. website. loan. to name a couple. > > Now I found one thing in common to those spam mails. All of them point > to MX Records from: > > e

[mailop] Sender MX pointing to *.registrar-servers.com => 100% Spam!

2017-08-31 Thread Benoit Panizzon
Hello Since a couple of days we get a lot of spam from randomly changing domains under gtld bid. faith. website. loan. to name a couple. Now I found one thing in common to those spam mails. All of them point to MX Records from: eforward1.registrar-servers.com. to eforward5.registrar-servers.com.