[Outages-discussion] [outages] not quite an outage, more a hack, "Urgent: Threat actor in systems" emails from FBI infrastructure

[Grant Taylor]

I'm re-routing my reply to outages-discussion instead of the original 
outages mailing list.  --  I'm CCing John in case he doesn't subscribe 
to outages-discussion.

On 11/13/21 9:56 AM, John Sage via Outages wrote:
> Is anyone besides me now receiving three (or here four) identical posts 
> to the list with identical time stamps?

Yes.

I received five copies of the message.  All of the messages had the same 
Message-ID.

Tracing the Received: headers, it seems like the message was a duplicate 
all the way up to mx00.postal00.hostinfr.com.  I see the first new 
(E)SMTP(S) id at puck.nether.net.

So, it seems to me like the duplication happened between ...hostinfr.com 
and ...nether.net.

I've not implemented a duplicate message ID filter for the Outages 
mailing list.  But perhaps I should.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20211113/04f078ea/attachment.p7s>