| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 30 Sep 2007 10:59:27 +0000 From: gjgowey@....blackberry.net To: nick@...us-l.demon.co.uk, full-disclosure@...ts.grok.org.uk Subject: Re: Testing DidTheyReadIt.com Not to mention that this service simply will not work with some destination addresses that check if the sending MTA is authorized to send on behalf of the sending addresses domain. This list is a perfect example. I found out somewhat accidentally that this list uses spa when some asshat spammer tried bombing it with my email address. One little problem for the asshat: this list uses spa and so does blackberry.net therefore the way I found out was when the list sent me (correctly) rejected email messages saying that blackberry.net does not authorize <some server> to send using addresses bearing its domain name. Oh well, sucks to be an asshat spammer. Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: Nick FitzGerald <nick@...us-l.demon.co.uk> Date: Sun, 30 Sep 2007 23:19:20 To:full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Testing DidTheyReadIt.com Juha-Matti Laurio to Thierry Zoller: [un-top-posted] > > Just a sample test of how many of you read this email. Let's see how > > good it performs for mailinglists and what comes out. > > Your headers etc. doesn't state that this service is in use. Maybe not _directly_, but comparing Received: headers in other Email Thierry has sent to Full-Disclosure from his @Zoller.lu address, you quickly see that hyperion.vo.lu is usually (??) the machine that injects such messages into the mail chain, whereas "his" test message was injected by colibri.e-mail-servers.com Aside from being totally useless "against" those who use text-only MUAs, this kind of service is generally useless because increasingly, even vendors like MS realize that user privacy is actually somewhat important and increasingly make NOT retrieving remote images (and other content) in "rich text" Emails the default, rather than just providing an option to turn off such attrocities should the user be aware enough to go looking for such an option... This is an example of a service that, in general, should not work, and in future will be increasingly more useless, I think. In the meantime, all (???) those using it should be asking what kind of data leakage they are exposing themselves to, through possible message content scanning and sender/receiver address usage patterns, among others. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists