On Thu, 2010-08-26 at 16:16 -0700, Kerim Aydin wrote: > Gratuitous: > The datestamps showing up in my mailbox are: > Date: Thu, 26 Aug 2010 17:48:22 -0500 (CDT) > Date: Thu, 26 Aug 2010 17:49:45 -0500 (CDT) > > which are past, and match the time received by agoranomic.org in timezone as > well as time. On the other hand, your explanatory message has the datestamp: > Date: Fri, 27 Aug 2010 00:00:14 +0100 > > I'm guessing that at some stage either my mailreader or agoranomic corrected > for receipt from the future? In which case, agoranomic automatically stopped > the scam by choosing an intelligent timing (the same one as the precedent > IIRC).
The original mails weren't datestamped at all. More interestingly, the Agora-binding datestamp - the Received: stamp where the message leaves my TDoC and enters Taral's - is actually before the time at which I actually sent the email, which is clearly exploitable if that precedent continues to hold. I assumed it would show the time I sent the email, rather than the time I started to compose it, which makes no sense given the circumstances. I bet BlogNomic is laughing at us right now! (It has a persistent technical problem in that blog posts are given the date and time people started to write them, rather than the time they finished, meaning that they often accidentally end up out of order.) -- ais523
