At 11:53 AM 1.14.2003 -0500, Ed Weinberg wrote: >I am surprised that SA does not recognize spam sent by FormMail.pl. >Back around 1987 a 15 year old kid named Matt Wright wrote a FormMail >script. The original insecure version is still in use on a million >sites (no exageration). Spammers figured out how to send email through >it. Each stock script starts the email with the following format >(including the dashed line).: > >=====================START EXAMPLE============================== >Below is the result of your feedback form. It was submitted by >[EMAIL PROTECTED] ([EMAIL PROTECTED]) on Tuesday, January >14, 2003 at 02:05:11 >--------------------------------------------------------------------------- >=====================END EXAMPLE============================== > >-- >Ed Weinberg <[EMAIL PROTECTED]> >
Ed, your info about Formmail is not correct and is very stale. In fact there are more than 2 Million users and the security hole was patched. That doesn't mean that some have not kept up to date and don't know about the breach of security caused by using the older versions and those older ones are most likely the ones you are receiving. The newer versions of formmails cannot be sent from any other domain but the authorized host nor to any other recipients but the one designated by the authorized host. Best regards, Jack L. Stone, Administrator Sage American http://www.sage-american.com [EMAIL PROTECTED] ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
