right now our conversation is bi-directional since the listserv is off-line.
i also looked at the headers and they do seem to originate within google itself (bogon receipts). so, are you telling me that the mere fact that an email is addressed to the list will get it published without verifying that the sender is a subscriber?
everything else i mention relates to the needless exposure of the subscriber's real name and email addr and the permitting of private anchors. obviously, i believe that these practices greatly increase security risks for the subscriber and will subject them to a potential flood of noxious junk.
--
Thank you,
Johann v. Preußen

On 2016.Apr.04 13:46, Jeffrey Walton wrote:
> On Mon, Apr 4, 2016 at 4:28 PM, Johann v. Preußen <j...@forthepolls.org> wrote:
> > i am not certain i understand how it is google's fault that this owenevans98|Dawn was able to slip into the listserv database. this is, of course, assuming that this was not done via a simple sign-up.
> >
> > i also do not understand how prohibiting a posting (content, infra) that obfuscates a message within a host of symbols with a net zero percent of prose and 100% anchor description is responding to some sort of a "fad". this list is re problems and solutions that can only be conveyed in prose ... no prose == no message. and permitting private anchors is also a questionable security practice. it does not seem unreasonable to require anchors to be to recognized sandbox sites or -- much better -- to an openssl-operated one.
>
> Yeah, this particular message looks like classic spam (headers available at http://groups.google.com/forum/#!original/mailing.openssl.users/eXD0UYueasw/jsZtjTLPCQAJ). When the spam was getting through, I checked some of the headers and most were coming from Gmail users. See, for example, http://pastebin.com/hRAtRt7S. That particular message likely had its spam score lowered because of the DKIM signing.
>
> I was also contacted offlist for the spam I was sending. I saw the headers on two of the messages, and they clearly were from me and submitted through Google's web interface. They looked just like the headers in http://pastebin.com/hRAtRt7S. I did not send them, and they did not show up in my Outbox. It's the reason I'm guessing Google services had a vulnerability that was silently patched.
>
> Jeff
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users