[Mailman-Users] non-subscribers getting through--email address in "Real Name"

Grant Taylor gtaylor at tnetconsulting.net
Tue Jul 24 21:09:01 EDT 2018


On 07/24/2018 06:51 PM, Mark Sapiro wrote:
> The stolen address books were used to send phishing emails purportedly 
> from the owner of the address book the the addresses in the book.
> 
> I.e., a message From: a_known_friend at yahoo.com saying things look at 
> this great thing I found and a URL to evilsite.com.
> 
> Trivial to harvest addresses, but not trivial to know a known associate 
> to send the mail From:.

I hadn't thought about the association of the metadata.  Thank you for 
clarifying.

I do question how much more spam was sent by stealing address books from 
large providers compared to viruses / malware doing the same with 
address books on infected machines.

> In this context, the innocents are subscribers to mailing lists who 
> find themselves unsubscribed by bounce processing because their ISPs 
> reject list posts From: other_users at yahoo.com and the operators of those 
> mailing lists.

Indeed, unfortunately "friendly fire".  :-/

> Of course, you seem to feel that these lists were wrong from the beginning 
> for not claiming authorship of the posts by replacing the From: header,

Yes, that's in line with my current view.

> but at the time, this wasn't even an option for most lists.

Lack of an option does not preclude the need for it.

Similarly, ignorance of an option does not preclude the need for it.

Admittedly, I've long struggled with how I thought discussion mailing 
lists should behave.  Originally I hadn't given any thought to munging 
the From: like is suggested for DMARC.  That being said, I did want to 
direct replies back to the discussion list.



-- 
Grant. . . .
unix || die



More information about the Mailman-Users mailing list