Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Testing DidTheyReadIt.com

From: gjgowey () tmo blackberry net
Date: Sun, 30 Sep 2007 10:59:27 +0000
Not to mention that this service simply will not work with some destination addresses that check if the sending MTA is 
authorized to send on behalf of the sending addresses domain.  This list is a perfect example.  I found out somewhat 
accidentally that this list uses spa when some asshat spammer tried bombing it with my email address.  

One little problem for the asshat: this list uses spa and so does blackberry.net therefore the way I found out was when 
the list sent me (correctly) rejected email messages saying that blackberry.net does not authorize <some server> to 
send using addresses bearing its domain name.  Oh well, sucks to be an asshat spammer.

Geoff
 


Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Nick FitzGerald <nick () virus-l demon co uk>

Date: Sun, 30 Sep 2007 23:19:20 
To:full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Testing DidTheyReadIt.com


Juha-Matti Laurio to Thierry Zoller:

[un-top-posted]

Just a sample test of how many of you read this email. Let's see how
good it performs for mailinglists and what comes out.


Your headers etc. doesn't state that this service is in use.


Maybe not _directly_, but comparing Received: headers in other Email
Thierry has sent to Full-Disclosure from his @Zoller.lu address, you
quickly see that hyperion.vo.lu is usually (??) the machine that
injects such messages into the mail chain, whereas "his" test message
was injected by colibri.e-mail-servers.com

Aside from being totally useless "against" those who use text-only
MUAs, this kind of service is generally useless because increasingly,
even vendors like MS realize that user privacy is actually somewhat
important and increasingly make NOT retrieving remote images (and other
content) in "rich text" Emails the default, rather than just providing
an option to turn off such attrocities should the user be aware enough
to go looking for such an option...

This is an example of a service that, in general, should not work, and
in future will be increasingly more useless, I think.

In the meantime, all (???) those using it should be asking what kind of
data leakage they are exposing themselves to, through possible message
content scanning and sender/receiver address usage patterns, among
others.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: