Could someone from Canonical look into the sheer amount of SPAM e-mails eminating from their @edubuntu.org addresses e.g.
opinions@edubuntu.org - we’ve blocked your account - you’re photos will be deleted
opinioins@edubuntu.org - Norton final warning
info@edubuntu.org - we’ve blocked your account - you’re files will be deleted
For now, it’s safest to assume these emails are spoofed rather than actually sent from Edubuntu servers.
Don’t click any links or reply to them.
If possible, check the email headers to see whether the message really passed through edubuntu.org mail servers.
Probably best to let the Edubuntu flavour team know about this.
Pinging @eeickmeyer and @amypenguin
We have no control over the domain, that would be Canonical IS. Someone is simply spoofing the email address. There is no edubuntu.org email server.
As far as I know, an RT ticket is already opened.
Hello,
The domain edubuntu.org lacks DMARC protection, allowing widespread email spoofing attacks.
Current state:
SPF is configured: v=spf1 include:_spf.canonical.com include:spf.forwardemail.net -all
DMARC is missing
Issue:
Phishing campaigns using @edubuntu.org addresses bypass filters due to absent DMARC.
Solution:
Add this DNS record:
_dmarc.edubuntu.org TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@canonical.com"
This will reject spoofed emails and send Canonical detailed reports of abuse attempts.
Thank you,
William