
Mailinator and the Recent Google Docs Phishing Attack - boyter
http://mailinator.blogspot.com/2017/05/mailinator-and-recent-google-docs.html
======
rlpb
"In effect, they were relying on Mailinator’s proven ability to receive lots
of email."

No, they weren't. Mailinator's ability to receive email had nothing to do with
it.

This blog post even admits this itself two paragraphs down: "We noticed the
activity early on, and shut down the inbound stream of emails to the
hhhhhhhhhhhhhhhh inbox. Unfortunately, this did nothing to stop the attack.
That's because nothing about the attack was happening via Mailinator."

------
eridius
Why did the phishing email need a To address at all? I've seen
"undisclosed-recipients;" used very frequently as the To address of an email
BCC'd to a group of people, so why not just do something like that?

~~~
galvin
The emails were sent from compromised accounts and Gmail requires a "to"
address, I think.

~~~
eridius
I just tested. It doesn't. If you leave "To" blank and just provide a BCC the
email it sends is addressed to

    To: undisclosed-recipients:;

------
pawadu
So basically Mailinator had a list of compromised accounts (the sender of
these emails) and decided to /dev/null this information instead of contacting
Google?

~~~
marichards
I'm pretty sure Google has the same list from their records of sent emails.

