[clug] fraud

Andrew Savchenko andrew at lists.savchenko.net
Tue Nov 10 02:44:29 UTC 2020

Hello peter,

Tuesday, November 10, 2020, 1:01:26 PM, you wrote:

>  Can you explain how the scam could be implemented.... virus, malware etc ?

Plethora of ways:

1. Builder's machine was compromised
2. Client's machine was compromised
3. E-mail was intercepted and manipulated on the side of MX and DKIM 
   signatures weren't enforced.
4. DNS spoofed and DNSSEC wasn't enforced or records were not provisioned in a
   first place.
5. MTA-STS policy was absent or not checked by MTA.
6. DMARC policy wasn't strict enough or not enforced by recipient.
7. SPF wasn't used properly.
8. ...

The list goes on.


More information about the linux mailing list