[efh] Heads up, folks: Spam alert
Drake Wilson
drake at begriffli.ch
Thu Mar 1 12:16:51 CST 2007
(Oop, forgot to send this to the list too.)
Quoth Allucquére Rosanne Stone <sandy at actlab.utexas.edu>, on 2007-03-01 11:01:12 -0600:
> Looks like some awfully clever hacker has figured out how to get spam
> past our (extensive and aggressive!) filtering system and post it to
> this list in my name. We won't get a chance to examine the situation
> until tomorrow at the earliest, but meanwhile please be patient...
I expect they sent it to you originally, with some combination of envelope-from and
header-from referencing the list and a nonexistent address (I don't know which parts
TMDA examines), thereby tricking your TMDA into sending a verification for the
nonexistent address back to the list... ? That's what it looks like from here,
anyway.
I suppose making the list check signatures against a valid list of GPG keys before
permitting posts through would be a bit too much... :-P
> -Sandy
---> Drake Wilson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://home.actlab.utexas.edu/pipermail/efh/attachments/20070301/3faa5e77/attachment.pgp
More information about the efh
mailing list