[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlbeans-dev
Subject:    Re: Another piece of virus-spam that made it around the moderator
From:       Justin Erenkrantz <jerenkrantz () apache ! org>
Date:       2004-08-28 1:12:32
Message-ID: 884FD64C2F07E5855CD17CC3 () st-augustin ! ics ! uci ! edu
[Download RAW message or body]

--On Friday, August 27, 2004 4:52 PM -0700 Cliff Schmidt <cliff@bea.com> 
wrote:

> Any ideas on how this spam is getting through?  Note that this spam
> contains links to a virus -- not just annoying spam, but dangerous
> for the unsuspecting user.

It's an inherent flaw in SMTP: ezmlm only knows how to authenticate through 
the envelope headers.  If the mail looks like it comes from a subscriber 
(or on the allow list), then it lets it through: regardless of list 
moderation.

I will also note that we do virus checking on our servers, but we obviously 
can't scan for external links that point to a virus.

Looking at the email that was sent, the envelope is listed as 
beehive-commits@incubator.apache.org.  That is a pretty obvious target for 
spammers: having the from address equal the to address.

As Roy pointed out, we're starting to deploy countermeasures to address 
this particular case.  However, if someone forges a spam from 
cliff@bea.com, ezmlm is going to allow that through.  Only things like SPF 
(<http://spf.pobox.com/>) will solve that problem.  -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xmlbeans.apache.org
For additional commands, e-mail: dev-help@xmlbeans.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]