[prev in list] [next in list] [prev in thread] [next in thread]
List: xmlbeans-dev
Subject: Re: Another piece of virus-spam that made it around the moderator
From: Justin Erenkrantz <jerenkrantz () apache ! org>
Date: 2004-08-28 1:12:32
Message-ID: 884FD64C2F07E5855CD17CC3 () st-augustin ! ics ! uci ! edu
[Download RAW message or body]
--On Friday, August 27, 2004 4:52 PM -0700 Cliff Schmidt <cliff@bea.com>
wrote:
> Any ideas on how this spam is getting through? Note that this spam
> contains links to a virus -- not just annoying spam, but dangerous
> for the unsuspecting user.
It's an inherent flaw in SMTP: ezmlm only knows how to authenticate through
the envelope headers. If the mail looks like it comes from a subscriber
(or on the allow list), then it lets it through: regardless of list
moderation.
I will also note that we do virus checking on our servers, but we obviously
can't scan for external links that point to a virus.
Looking at the email that was sent, the envelope is listed as
beehive-commits@incubator.apache.org. That is a pretty obvious target for
spammers: having the from address equal the to address.
As Roy pointed out, we're starting to deploy countermeasures to address
this particular case. However, if someone forges a spam from
cliff@bea.com, ezmlm is going to allow that through. Only things like SPF
(<http://spf.pobox.com/>) will solve that problem. -- justin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xmlbeans.apache.org
For additional commands, e-mail: dev-help@xmlbeans.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic