[OAUTH-WG] Recent spam

Neil Madden <neil.madden@forgerock.com> Wed, 13 November 2019 12:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/X0JvbcN_ZjoOhbiHT6yJ4tldEpY>

It appears that overnight some spam was sent out that spoofed my email address and appeared to be a reply to a genuine (old) message on this mailing list. It appears some people are then hitting "Reply All" and so generating additional messages to the OAuth WG mailing list asking to be unsubscribed.

I've checked my own machines and there is no sign of any of them being compromised to send the emails, and there's no trace of any such email in my account's Sent folder - it seems to have been a straightforward email address spoofing. I've asked our IT department to double-check our DMARC/DKIM/SPF settings just to be sure.

Based on the responses I've received, the only people who seem to have received the original spam messages (not the responses) all have "@sympatico.ca" addresses, so it might also be the case that this ISP is not validating incoming emails correctly. I have emailed the ISP to alert them to this, so hopefully the issue will be corrected soon if so.

-- Neil