[Haskell-cafe] hello Haskell

Yitzchak Gale gale at sefer.org
Mon Oct 24 10:14:43 CEST 2011


Daniel Fischer wrote:
>> Just for the record, not a newcomer, and has non-spam
>> messages

Conrad Parker wrote:
> There was a recent hotmail exploit, with people reporting their
> account sent spam...

No exploit is needed. It is trivial for an impostor to
seem as if he is sending email from someone else's
account, and spammers do that all the time.
There is nothing special about Hotmail.

There are some ways to detect that kind of fraud.
One method is SPF, which is currently being pushed by
Google and some other email providers:

http://openspf.org/

Unfortunately, Mailman, or at least the version
we are currently using on all of our servers, does
not support this AFAIK.

In fact, our domains do not even have SPF records
themselves yet. So all mail from our mailing lists
is flagged as suspicious by Google and many other
providers. I hope that will be fixed soon.

It's true, even when a system like SPF is in place,
it is still possible to bypass it by breaking in
to an email account and actually sending the
spam from there. But we have not yet reached
the point where such an exploit is even needed.

For now, we are just relying on the classic
method of using a server-side spam filter.
This incident seems to have gotten past that.

Thanks,
Yitz
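As an added illustration that is not part of the original message, here is a minimal offline sketch of the check an SPF-aware receiver performs: compare the connecting server's IP address against the policy published in the envelope sender domain's TXT records. It assumes the TXT strings were already fetched, handles only the `ip4`, `ip6` and `all` mechanisms (anything needing further DNS lookups is reported as `unsupported`, a label invented for this sketch), and uses constructed policies with documentation-range addresses.

```python
import ipaddress
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(txt_records, client_ip):
    """Evaluate the ip4/ip6/all subset of SPF for one connecting IP."""
    spf = [t for t in txt_records if t.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return "none"        # domain publishes no SPF policy at all
    if len(spf) > 1:
        return "permerror"   # more than one SPF record is a policy error
    ip = ipaddress.ip_address(client_ip)
    redirect = False
    for term in spf[0].split()[1:]:
        if re.match(r"[A-Za-z][A-Za-z0-9._-]*=", term):
            # Modifier: unknown ones are ignored; redirect needs DNS.
            redirect = redirect or term.lower().startswith("redirect=")
            continue
        result = QUALIFIERS.get(term[0], "pass")   # no qualifier means "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return result
        if name not in ("ip4", "ip6"):
            return "unsupported"   # include/a/mx/exists/ptr need DNS lookups
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if net.version != int(name[2]):
            return "permerror"     # e.g. an IPv6 range inside ip4:
        if ip.version == net.version and ip in net:
            return result
    return "unsupported" if redirect else "neutral"

# Constructed sample policies and documentation-range addresses.
NO_POLICY = ["google-site-verification=constructed-placeholder"]
STRICT = ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"]
SOFT = ["v=spf1 ip4:192.0.2.0/24 ~all"]

if __name__ == "__main__":
    for label, txt, ip in [("no record", NO_POLICY, "198.51.100.7"),
                           ("listed server", STRICT, "192.0.2.10"),
                           ("forged sender", STRICT, "198.51.100.7"),
                           ("forged, soft policy", SOFT, "198.51.100.7")]:
        print(f"{label:20} {ip:14} -> {check_spf(txt, ip)}")
```

A `none` result gives the receiver nothing to verify against, which is the situation the message describes for domains without SPF records.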


