[openssl-users] Fwd: CONGRATULATION____REF#87670
Johann v. Preußen
jvp at forthepolls.org
Mon Apr 4 21:32:26 UTC 2016
right now our conversation is bi-directional since the listserv is off-line.
i also looked at the headers and they do seem to originate within google itself
( bogon receipts). so, are you telling me that the mere fact that an email is
addressed to the list will get it published without verifying that the sender is
everything else i mention relate to the needless exposure of the subscriber's
real name and email addr and the permitting of private anchors. obviously, i
believe that these practices greatly increase security risks for the subscriber
and will subject them to a potential flood of noxious junk.
Johann v. Preußen
On 2016.Apr.04 13:46, Jeffrey Walton wrote:
> On Mon, Apr 4, 2016 at 4:28 PM, Johann v. Preußen <jvp at forthepolls.org> wrote:
>> i am not certain i understand how it is google's fault that this
>> owenevans98|Dawn was able to slip into the listserv database. this is, of
>> course, assuming that this was not done via a simple sign-up. i also do not
>> understand how prohibiting a posting (content, infra) that obfuscates a
>> message within a host of symbols with a net zero percent of prose and 100%
>> anchor description is responding to some sort of a "fad". this list is re
>> problems and solutions that can only be conveyed in prose ... no prose == no
>> message. and permitting private anchors is also a questionable security
>> practice. it does not seem unreasonable to require anchors to be to
>> recognized sandbox sites or -- much better -- to an openssl-operated one.
> Yeah, this particular message looks like classic spam (headers
> available at http://groups.google.com/forum/#!original/mailing.openssl.users/eXD0UYueasw/jsZtjTLPCQAJ).
> When the spam was getting through, I checked some of the headers and
> most were coming from Gmail users. See, for example,
> http://pastebin.com/hRAtRt7S. That particular message likely had its
> spam score lowered because of the DKIM signing.
> I was also contacted offlist for the spam I was sending. I saw the
> headers on two of the messages, and they clearly were from me and
> submitted through Google's web interface. They looked just like the
> headers in http://pastebin.com/hRAtRt7S. I did not send them, and they
> did not show up in my Outbox.
> Its the reason I'm guessing Google services had a vulnerability that
> was silently patched.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3825 bytes
Desc: S/MIME Cryptographic Signature
More information about the openssl-users