[openssl-users] Fwd: CONGRATULATION____REF#87670
Jeffrey Walton
noloader at gmail.com
Sat Apr 2 15:41:55 UTC 2016
On Sat, Apr 2, 2016 at 11:24 AM, Salz, Rich <rsalz at akamai.com> wrote:
>
>> why is junk like this not being caught?
>
> Almost all of it is. Nothing is perfect. Thanks for your understanding and patience.
I was looking at some of it landing in my Inbox. Its all from Gmail
users. The headers are Gmail headers submitted via the web. The DKIM
signatures are OK. There are no headers to indicate its been
forwarded. The {from|return|reply to} address does not appear to
forged. Here's an example header from another Gmail user who contacted
me: http://pastebin.com/hRAtRt7S.
I've also had a couple of people contact me asking me to stop spamming
them. I looked at two of those headers, and it clearly appears to be
coming from me though I did not send it (and no evidence in my
Outbox).
I'm thinking there's a vulnerability in the Gmail or Google servers we
have not heard about.
Jeff
More information about the openssl-users
mailing list