[openssl-users] Fwd: CONGRATULATION____REF#87670

Jeffrey Walton noloader at gmail.com
Mon Apr 4 20:46:15 UTC 2016


On Mon, Apr 4, 2016 at 4:28 PM, Johann v. Preußen <jvp at forthepolls.org> wrote:
> i am not certain i understand how it is google's fault that this
> owenevans98|Dawn was able to slip into the listserv database. this is, of
> course, assuming that this was not done via a simple sign-up. i also do not
> understand how prohibiting a posting (content, infra) that obfuscates a
> message within a host of symbols with a net zero percent of prose and 100%
> anchor description is responding to some sort of a "fad". this list is re
> problems and solutions that can only be conveyed in prose ... no prose == no
> message. and permitting private anchors is also a questionable security
> practice. it does not seem unreasonable to require anchors to be to
> recognized sandbox sites or -- much better -- to an openssl-operated one.

Yeah, this particular message looks like classic spam (headers
available at http://groups.google.com/forum/#!original/mailing.openssl.users/eXD0UYueasw/jsZtjTLPCQAJ).

When the spam was getting through, I checked some of the headers and
most were coming from Gmail users. See, for example,
http://pastebin.com/hRAtRt7S. That particular message likely had its
spam score lowered because of the DKIM signing.

I was also contacted offlist for the spam I was sending. I saw the
headers on two of the messages, and they clearly were from me and
submitted through Google's web interface. They looked just like the
headers in http://pastebin.com/hRAtRt7S. I did not send them, and they
did not show up in my Outbox.

Its the reason I'm guessing Google services had a vulnerability that
was silently patched.

Jeff


More information about the openssl-users mailing list