On 2023-10-11 at 22:02:22 UTC-0400 (Wed, 11 Oct 2023 22:02:22 -0400)
Ricky Boone <ricky.bo...@gmail.com>
is rumored to have said:
My apologies.
The samples that I have contain email addresses that I am not at
liberty to share without redacting. If it's okay that there are
certain strings that are removed, I should be able to make them
available. Is there a preferred method for getting this to you?
Attached to a message here or to a bug report in the SA project
Bugzilla: https://bz.apache.org/SpamAssassin/
Ideally, just redact the local part of user addresses. Nothing else is
really sensitive in spam, and facts like domains and IP addresses help
validate spam analysis. For example, we wouldn't want to de-list a
domain which appears to be forged into spam.
The point of having a minimally-redacted message as an openly visible
example for removing a def_welcomelist entry is to make sure that we
aren't open to being used for mischief and can justify the removal later
if asked to. The bar for removal is very low (being listed is a
privilege, not a right) but it can't be simply 'someone said...'
On Wed, Oct 11, 2023 at 9:25 PM Bill Cole
<sausers-20150...@billmail.scconsult.com> wrote:
On 2023-10-11 at 16:45:15 UTC-0400 (Wed, 11 Oct 2023 16:45:15 -0400)
Ricky Boone <ricky.bo...@gmail.com>
is rumored to have said:
Just a heads up, it appears that usssa[.]com has had their SendGrid
email sending account popped, and a bad actor has been sending
phishing emails from it. The domain is defined in
60_welcomelist_auth.cf with def_welcomelist_auth/def_whitelist_auth
entries with *@*.usssa.com.
If anyone has a shareable sample spam to substantiate this, that
would
be helpful.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
