Full Disclosure mailing list archives
Re: Testing DidTheyReadIt.com
From: gjgowey () tmo blackberry net
Date: Sun, 30 Sep 2007 10:59:27 +0000
Not to mention that this service simply will not work with some destination addresses that check if the sending MTA is authorized to send on behalf of the sending address's domain. This list is a perfect example. I found out somewhat accidentally that this list uses spa when some asshat spammer tried bombing it with my email address. One little problem for the asshat: this list uses spa and so does blackberry.net; therefore, the way I found out was when the list sent me (correctly) rejected email messages saying that blackberry.net does not authorize <some server> to send using addresses bearing its domain name. Oh well, sucks to be an asshat spammer.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 30 Sep 2007 23:19:20
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Testing DidTheyReadIt.com

Juha-Matti Laurio to Thierry Zoller:

[un-top-posted]
Just a sample test of how many of you read this email. Let's see how good it performs for mailing lists and what comes out.

Your headers etc. don't state that this service is in use.
Maybe not _directly_, but comparing Received: headers in other Email Thierry has sent to Full-Disclosure from his @Zoller.lu address, you quickly see that hyperion.vo.lu is usually (??) the machine that injects such messages into the mail chain, whereas "his" test message was injected by colibri.e-mail-servers.com.

Aside from being totally useless "against" those who use text-only MUAs, this kind of service is generally useless because increasingly, even vendors like MS realize that user privacy is actually somewhat important and increasingly make NOT retrieving remote images (and other content) in "rich text" Emails the default, rather than just providing an option to turn off such atrocities should the user be aware enough to go looking for such an option...

This is an example of a service that, in general, should not work, and in future will be increasingly more useless, I think.

In the meantime, all (???) those using it should be asking what kind of data leakage they are exposing themselves to, through possible message content scanning and sender/receiver address usage patterns, among others.

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
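
The Received: comparison Nick FitzGerald describes can be automated. The sketch below is an added example, not part of either poster's message: it reads the relay that handed each message to a server you trust and flags a message whose hand-off host differs from the sender's usual one. Only the two relay hostnames come from the thread; lists.example.org, the addresses and the header layout are constructed placeholders.

```python
import re
from collections import Counter
from email import message_from_string

TRUSTED = "lists.example.org"  # assumption: a relay whose Received stamp you trust

def _sample(relay):
    # Constructed message; only the relay hostnames passed in come from the thread.
    return (
        "Received: from lists.example.org (lists.example.org [192.0.2.1])\n"
        "\tby mx.example.net with ESMTP; Sat, 29 Sep 2007 12:00:02 +0000\n"
        f"Received: from {relay} ({relay} [192.0.2.25])\n"
        "\tby lists.example.org with ESMTP; Sat, 29 Sep 2007 12:00:00 +0000\n"
        "From: sender@example.lu\n"
        "Subject: constructed sample\n"
        "\n"
        "body\n"
    )

BASELINE = [_sample("hyperion.vo.lu") for _ in range(3)]
SUSPECT = _sample("colibri.e-mail-servers.com")

_FROM = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)
_BY = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)

def handoff_host(raw, trusted_by=TRUSTED):
    """Host named in the from-clause of the Received header stamped by trusted_by.

    Headers below that stamp were written by machines outside your control
    and can be forged, so they are deliberately ignored.
    """
    for header in message_from_string(raw).get_all("Received") or []:
        by, frm = _BY.search(header), _FROM.match(header)
        if by and frm and by.group(1).lower() == trusted_by:
            return frm.group(1).lower()
    return None

def usual_handoff(raw_messages, trusted_by=TRUSTED):
    """Most common hand-off host across a sender's earlier messages."""
    hosts = Counter(h for h in (handoff_host(m, trusted_by) for m in raw_messages) if h)
    return hosts.most_common(1)[0][0] if hosts else None

def deviates(raw, baseline, trusted_by=TRUSTED):
    """True when a message entered the trusted relay from an unusual host."""
    usual, host = usual_handoff(baseline, trusted_by), handoff_host(raw, trusted_by)
    return usual is not None and host is not None and host != usual
```

A deviation only shows that the message took a different path than usual; a sender changing providers produces the same signal.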