Hi All... Alain, no need to confirm the message body, it was the compromise campaign.
iPhone truncated the message; couldn't see the full deal until after I'd sent my reply.

Thanks all--
Mkr

Sent from my iPhone

On Apr 29, 2013, at 10:00 PM, "Margot Romary" <margot.rom...@returnpath.com> wrote:

> Hi Alain... Apologies for the delayed reply. I'm mid-move cross country with
> my family and have limited access to email.
>
> Living Social, stemming from their recent internal compromise, sent
> notifications of the breach to any address from which they'd had a touchpoint
> in the past. They hit a *lot* of traps while trying to do the right thing --
> asking consumers to reset credentials, etc.
>
> Based on the subject line in the below message, it looks like you got one
> such notice. Did you happen to read the email?
>
> I understand this thread has been tabled (trying to sign up for the dev list
> now) -- wanted to get out a reply before the thread was lost entirely.
>
> Under any other circumstances, we would have suspended Living Social from our
> program due to their compliance issue from this campaign. Considering this
> was a PSA aimed at protecting consumers, we gave them additional leeway. If
> we had suspended their IPs, it's likely hundreds of thousands of messages
> aimed at engaged consumers would have been spamfoldered or blocked, and the
> vulnerable consumers would have stayed in the dark. I hope you can
> understand our actions in this case.
>
> It would also be particularly helpful if you could confirm the trap hit you
> received was regarding the compromise. If not, LS has some deeper issues
> we're unaware of, and we'd need to have a chat with them.
>
> Many thanks,
>
> Margot Romary
> Director, Compliance and Security
> Return Path, Inc.
>
> Sent from my iPhone
>
> On Apr 27, 2013, at 5:27 AM, "Alain Kelder" <spamassas...@ak4life.com> wrote:
>
>> Hello,
>>
>> Today a spam message from livingsocial.com got through. It was sent to a
>> honey pot address (e.g. not used for legitimate mail). I don't even have
>> an account with livingsocial.com. This spam message would have been
>> caught had SA not credited it -5 points with two RP rules:
>>
>> RCVD_IN_RP_CERTIFIED=-3
>> RCVD_IN_RP_SAFE=-2
>>
>> I've overridden the scores for the above tests in my SA configuration,
>> but wanted to report this so it might benefit others.
>>
>> Thanks,
>> Alain
>>
>> P.S. Here's the spam message:
>>
>> Return-Path: <repl...@bounces.livingsocial.com>
>> Received: from [REMOVED] ([unix socket])
>>     by [REMOVED] (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA;
>>     Sat, 27 Apr 2013 01:48:01 -0700
>> X-Sieve: CMU Sieve 2.2
>> Received: from localhost (localhost [127.0.0.1])
>>     by [REMOVED] (Postfix) with ESMTP id 51ED157ADB
>>     for <[REMOVED]>; Sat, 27 Apr 2013 01:48:01 -0700 (PDT)
>> X-Virus-Scanned: Debian amavisd-new at [REMOVED]
>> X-Spam-Flag: NO
>> X-Spam-Score: -2.277
>> X-Spam-Level:
>> X-Spam-Status: No, score=-2.277 required=4 tests=[BAYES_05=-3,
>>     DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723,
>>     MIME_HTML_ONLY_MULTI=0.001, MPART_ALT_DIFF=0.79, MXCOW_SPAMTRAP=4.1,
>>     RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_RP_CERTIFIED=-3,
>>     RCVD_IN_RP_SAFE=-2, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001,
>>     T_DKIM_INVALID=0.01] autolearn=no
>> Received: from [REMOVED] ([127.0.0.1])
>>     by localhost ([REMOVED] [127.0.0.1]) (amavisd-new, port 10024)
>>     with ESMTP id 9d1f7y+swmdQ for <[REMOVED]>;
>>     Sat, 27 Apr 2013 01:47:57 -0700 (PDT)
>> Received: from mta-34c9.livingsocial.com (mta-34c9.livingsocial.com
>>     [199.91.52.201])
>>     by [REMOVED] (Postfix) with ESMTP id 3F84757ADA
>>     for <[REMOVED]>; Sat, 27 Apr 2013 01:47:57 -0700 (PDT)
>> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ls3;
>>     d=livingsocial.com;
>>     h=Date:List-Unsubscribe:from:To:Message-ID:Subject:MIME-Version:Content-Type;
>>     bh=MeSEhi/r/Te6TwcICMCrN+cn7RI=;
>>     b=q6eqSXDJtFSpF31Wb9TlDte5QIjEuc7Kxjo56psPTu6fKHshnyyzsyzJz38BRtdXAzOl+dwcKzst
>>     9L2zaRYhdF+WXOSy0IKdZyedIjJ7qxiCCoJ37/uv64ky4EzSy1X7s10n9s0j4G/kpZN3Z2e1z5uo
>>     3f/CDVsk2IJReXPVnC0=
>> Received: from app-mail02.iad.livingsocial.net (172.17.4.94) by
>>     mta-34c9.livingsocial.com id hfe8bq1ilg0v for <[REMOVED]>; Sat, 27 Apr
>>     2013 08:45:22 +0000 (envelope-from <repl...@bounces.livingsocial.com>)
>> Date: Sat, 27 Apr 2013 08:45:22 +0000
>> X-MSFBL:
>>     c3BtdHJwQGFrNGxpZmUuY29tQGJpbmRpbmdAYmluZGluZ19ncm91cEBnX044VlVKMThGQjBFTTc0OEJVVlA5VlVQNDlRMkgwODRJUEMzUUZQMlRJUjVUR0VUSjVKVUc9PT09
>> X-score: 1
>> X-Ls-Send-Id: g_N8VUJ18FB0EM748BUVP9VUP49Q2H084IPC3QFP2TIR5TGETJ5JUG====
>> X-Mailer: Syringe 1.0.0
>> List-Unsubscribe:
>>     <mailto:unsubscribe-g_N8VUJ18FB0EM748BUVP9VUP49Q2H084IPC3QFP2TIR5TGETJ5JUG====@bounces.livingsocial.com>
>> from: LivingSocial <upda...@livingsocial.com>
>> To: [REMOVED]
>> Message-ID:
>>     <898585605.1019.1367052321169.javamail.do...@app-mail02.iad.livingsocial.net>
>> Subject: An important update on your LivingSocial.com account
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>>     boundary="----=_Part_1017_1518702247.1367052321167"
>> reply_to: norepl...@livingsocial.com
>> x-avocado-domain: hungrymachine.com
>> x-ls-priority: whale
>>
>> ------=_Part_1017_1518702247.1367052321167
>> Content-Type: text/html; charset=utf-8
>> Content-Transfer-Encoding: 7bit
>> Content-Disposition: inline
>>
>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
>> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
>> <html>
>> <head>
>> <title>Important Information</title>
>> <style type="text/css">
>> body { width: 100% !important; }
>> .appleDevice a, .ii a, .ReadMsgBody a {color:#1D81C1; text-decoration:none;}
>> #header img {color:#f1c52c;}
>> /* mobile styles */
>> @media only screen and (max-device-width: 480px) {
>> table[class="container"],
>> table[class="main_container"],
>> td[class="main_content"], td[class="main_content"] p,
>> td[class="footer_container"], td[class="footer_content"] { width: 100%
>> !important;}
>>
>> td[class="inner_container"] { padding: 10px 0px !important;}
>>
>> td[class="main_content"], td[class="main_content"] p { font-size: 24px
>> !important;}
>> td[class="header_headline"] { font-size: 30px !important;}
>> td[class="footer_content"], td[class="footer_content"] p { font-size:
>> 16px !important;}
>>
>> /* deal info blocks */
>> td[class="deal_image_container"] { width: 130px !important;}
>> td[class="deal_info_container"] { padding-right: 10px !important;
>> padding-left: 10px !important; width: 100% !important; }
>> img[class="deal_image"] { height: 186px !important; width: 130px
>> !important; }
>> a[class="deal_merchant"] { font-size: 24px !important; }
>> span[class="deal_title"] {font-size: 20px !important; }
>> p[class="deal_description"] { font-size: 18px !important; }
>>
>> td[class="button_container"] { height: 60px !important; margin: 10px 0px
>> 0px 0px !important; width: 100% !important; }
>> td[class="button"] {
>> background-color: #58cef9 !important;
>> background-image: -webkit-gradient(linear, left top, left bottom,
>> color-stop(0%, #58cef9), color-stop(100%, #3eabd6)) !important;
>> background-image: -webkit-linear-gradient(top, #58cef9, #3eabd6) !important;
>> background-image: -moz-linear-gradient(top, #58cef9, #3eabd6) !important;
>> background-image: -ms-linear-gradient(top, #58cef9, #3eabd6) !important;
>> background-image: -o-linear-gradient(top, #58cef9, #3eabd6) !important;
>> background-image: linear-gradient(top, #58cef9, #3eabd6) !important;
>> -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.4) !important;
>> -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.4) !important;
>> -ms-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.4) !important;
>> -o-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.4) !important;
>> box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.4) !important;
>> -webkit-border-radius: 4px !important;
>> -moz-border-radius: 4px !important;
>> -ms-border-radius: 4px !important;
>> -o-border-radius: 4px !important;
>> border-radius: 4px !important;
>> border: 1px solid #298eb6 !important;
>> color: white !important;
>> display: inherit !important;
>> display: -moz-inline-box !important;
>> -moz-box-orient: vertical !important;
>> display: inline-block !important;
>> font: 22px/100% "arial rounded mt bold", helvetica, arial, sans-serif
>> !important;
>> line-height: 18px !important;
>> padding: 10px 15px !important;
>> outline: none !important;
>> text-align: center !important;
>> text-decoration: none !important;
>> text-transform: lowercase !important;
>> vertical-align: baseline !important;
>> zoom: 1 !important;
>> *display: inline !important;
>> *margin-left: .3em !important;
>> *vertical-align: auto !important;
>> }
>>
>> div[class="online-redemption"] { width: 98% !important; }
>> div[class="online-redemption"] div[class="or_deal_img_title"] { margin:
>> 0px; padding: 0px; }
>> div[class="online-redemption"] div[class="or_deal_image_container"] {
>> display: none !important; }
>> div[class="online-redemption"] div[class="or_deal_image_container"]
>> img[class="deal_image"] { display: none !important; }
>> div[class="online-redemption"] div[class="or_deal_img_title"]
>> div[class="or_deal_title"] h2 { font-size: 24px !important;
>> margin-bottom: 5px !important; }
>> div[class="online-redemption"] div[class="or_deal_img_title"]
>> div[class="expiration-notice"] { font-size: 14px !important; }
>>
>> div[class="online-redemption"] ol[class="or_redemption_instructions"] {
>> margin-left: 10px !important; }
>> div[class="online-redemption"] ol[class="or_redemption_instructions"]
>> li[class="instruction_steps"] { margin-bottom: 10px !important;}
>> div[class="online-redemption"] ol[class="or_redemption_instructions"]
>> li[class="instruction_steps"] img { max-width: 300px !important; margin:
>> 0px !important; padding: 15px 0px !important;}
>> div[class="online-redemption"] div[class="or_redemption_code_container"]
>> h3 { font-size: 20px !important; }
>> div[class="online-redemption"] div[class="or_redemption_code_container"]
>> div[class="or_redemption_code"] { margin: 0px !important; padding: 5px
>> 0px !important;}
>> div[class="online-redemption"] div[class="or_redemption_code_container"]
>> h2 { font-size: 20px !important; padding-left: 0px !important;}
>> }
>>
>> </style>
>> </head>
>> <body style="padding: 0; margin: 0; background-color: #262626;">
>> <table bgcolor="#262626" border="0" cellspacing="0" cellpadding="0"
>> id="newsletter" width="100%">
>> <tbody>
>> <tr>
>> <td style="padding-top: 10px; vertical-align: top;">
>> <table align="center" border="0" cellspacing="0" cellpadding="0"
>> width="600" class="container">
>> <tbody>
>> <tr>
>> <td class="inner_container" style="padding-top: 10px; padding-right:
>> 10px; padding-bottom: 10px; padding-left: 10px; vertical-align: top;">
>> <table border="0" cellspacing="0" cellpadding="0" width="600"
>> class="main_container">
>> <tbody>
>> <tr>
>> <td colspan="2" width="600" align="center"
>> style="color:#f0f0f0;font-family:helvetica,arial,sans-serif;font-size:11px"><p
>> style="margin:0px;padding:0px 0px 10px 0px;color:#999999"> LivingSocial
>> Account Update <br /><span style="font-style:italic">You are receiving
>> this message based on your relationship with LivingSocial, even though
>> you may have previously unsubscribed.
>> If you have unsubscribed you will
>> not receive any other messages from us.</span></p></td>
>> </tr>
>> <tr>
>> <td id="header" style="vertical-align: bottom; padding-bottom:10px;">
>> <img
>> src="http://a4.ak.lscdn.net/imgs/8b538ad9-933a-41d8-89fb-59570b5e4f9d"
>> style="border:none;" alt="LivingSocial" width="112" height="42" /> </td>
>> </tr>
>> <tr>
>> <td class="header_headline" style="color: #ffffff; font-family: 'Arial
>> Rounded MT Bold', Helvetica, Arial, sans-serif; font-size: 40px;
>> font-weight: bold;"> </td>
>> </tr>
>> <tr>
>> <td bgcolor="#ffffff" class="main_content" style="border: 1px solid
>> #d6d6d6; color: #666666; font-family: Helvetica, Arial, sans-serif;
>> font-size: 14px; padding:20px; vertical-align: top;">
>> <table width="600" border="0" cellpadding="0" cellspacing="0">
>> <tbody>
>> <tr>
>> <td colspan="2" valign="top" style="padding-right: 20px;"> <p
>> style="font-family: 'arial rounded mt bold', helvetica, arial,
>> sans-serif; margin-top: 0px; color: #262626; font-size: 18px;">
>> IMPORTANT INFORMATION<br /></p> <p style="color: #373332; font-family:
>> helvetica, arial, sans-serif; font-size: 12px; line-height:
>> 140%;">LivingSocial recently experienced a cyber-attack on our computer
>> systems that resulted in unauthorized access to some customer data from
>> our servers. We are actively working with law enforcement to investigate
>> this issue. </p> <p style="color: #373332; font-family: helvetica,
>> arial, sans-serif; font-size: 12px; line-height: 140%;">The information
>> accessed includes names, email addresses, date of birth for some users,
>> and encrypted passwords -- technically ‘hashed’ and ‘salted’ passwords.
>> We never store passwords in plain text.</p> <p style="color: #373332;
>> font-family: helvetica, arial, sans-serif; font-size: 12px; line-height: 140%;">Two things you should know: </p>
>> <ol style="color: #373332; font-family: helvetica, arial, sans-serif;
>> font-size: 12px; line-height: 140%;">
>> <li>The database that stores customer credit card information was not
>> affected or accessed.</li>
>> <li>If you connect to LivingSocial using Facebook Connect, your Facebook
>> credentials were not compromised.</li>
>> </ol> <span style="color: #373332; font-family: helvetica, arial,
>> sans-serif; font-size: 12px; line-height: 140%;">You do not need to take
>> any action at this time, but we wanted to be sure you were fully
>> informed of what happened.</span><p></p> <p style="color: #373332;
>> font-family: helvetica, arial, sans-serif; font-size: 12px; line-height:
>> 140%;"><strong>The security of your information is our
>> priority.</strong> We always strive to ensure the security of our
>> customer information, and we are redoubling efforts to prevent any
>> issues in the future.</p> <p style="color: #373332; font-family:
>> helvetica, arial, sans-serif; font-size: 12px; line-height:
>> 140%;">Please note that LivingSocial will never ask you directly for
>> personal or account information in an email. We will always direct you
>> to the LivingSocial website – and require you to login – before making
>> any changes to your account. Please disregard any emails claiming to be
>> from LivingSocial that request such information or direct you to a website that asks for such
>> information.</p> <p style="color: #373332; font-family: helvetica,
>> arial, sans-serif; font-size: 12px; line-height: 140%;">If you have
>> additional questions about this process, the &quot;Create New
>> Password&quot; button on LivingSocial.com will direct you to a page that
>> has instructions on creating a new password and answers to frequently
>> asked questions. </p> <p style="color: #373332; font-family: helvetica,
>> arial, sans-serif; font-size: 12px; line-height: 140%;">We are sorry
>> this incident occurred, and we look forward to continuing to introduce
>> you to new and exciting things to do in your community.</p> <p
>> style="color: #373332; font-family: helvetica, arial, sans-serif;
>> font-size: 12px; line-height: 140%;">Sincerely, <br />Tim O'Shaughnessy,
>> CEO</p> </td>
>> </tr>
>> </tbody>
>> </table> </td>
>> </tr>
>> </tbody>
>> </table> <br />
>> <table width="600" class="footer_container">
>> <tbody>
>> <tr>
>> <td class="footer_content" style="font-size: 10px;
>> padding:20px;font-family: Helvetica, Arial, sans-serif; color:#d1d1d1;
>> text-align:center;"> <p style="margin-bottom:10px;"> This message was
>> sent by LivingSocial, 1445 New York Ave NW, Suite 200, Washington, DC
>> 20005. </p> <p style="margin-bottom: 0"> You are receiving this email
>> because you have an existing relationship with
>> http://www.livingsocial.com/. </p> </td>
>> </tr>
>> </tbody>
>> </table>
>> <!-- end footer_container --> </td>
>> </tr>
>> </tbody>
>> </table>
>> <!-- end container --> </td>
>> </tr>
>> </tbody>
>> </table>
>> <img height="0" width="0" border="0" alt=""
>> src="http://t.livingsocial.com/track/g_N8VUJ18FB0EM748BUVP9VUP49Q2H084IPC3QFP2TIR5TGETJ5JUG===="
>> />
>> </body>
>> </html>
>> ------=_Part_1017_1518702247.1367052321167--
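
The per-rule score breakdown in the quoted `X-Spam-Status` header, as an added example that is not part of the original thread: it parses the header in the bracketed `tests=[RULE=score, ...]` form shown above and recomputes the total with the two Return Path rules replaced. Setting them to 0 is an assumption, since the post does not give the override values used; the function names are this example's own.

```python
import re

# X-Spam-Status header copied from the quoted message (folded over several lines).
HEADER = """X-Spam-Status: No, score=-2.277 required=4 tests=[BAYES_05=-3,
 DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723,
 MIME_HTML_ONLY_MULTI=0.001, MPART_ALT_DIFF=0.79, MXCOW_SPAMTRAP=4.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_RP_CERTIFIED=-3,
 RCVD_IN_RP_SAFE=-2, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001,
 T_DKIM_INVALID=0.01] autolearn=no"""

# The two rules the post says were overridden; the value 0 is an assumption.
OVERRIDES = {"RCVD_IN_RP_CERTIFIED": 0.0, "RCVD_IN_RP_SAFE": 0.0}


def parse_spam_status(header):
    """Return (reported_score, required, {rule: score}) for a bracketed tests list."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo RFC 5322 header folding
    m = re.search(
        r"score=(-?[\d.]+)\s+required=(-?[\d.]+)\s+tests=\[([^\]]*)\]", unfolded
    )
    if not m:
        raise ValueError("no score/required/tests fields found")
    rules = {}
    for item in filter(None, (part.strip() for part in m.group(3).split(","))):
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"rule listed without a score: {item!r}")
        rules[name] = float(value)
    return float(m.group(1)), float(m.group(2)), rules


def what_if(header, overrides):
    """Recompute the message total with some rule scores replaced."""
    reported, required, rules = parse_spam_status(header)
    recomputed = sum(rules.values())
    adjusted = sum(overrides.get(name, score) for name, score in rules.items())
    credit = sum(rules[n] - overrides[n] for n in overrides if n in rules)
    return {
        "reported": reported,
        "required": required,
        "recomputed": round(recomputed, 4),   # should match the reported score
        "credit_removed": round(credit, 4),   # what the overridden rules contributed
        "adjusted": round(adjusted, 4),       # total once the overrides apply
    }


if __name__ == "__main__":
    print(what_if(HEADER, OVERRIDES))
```
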