No need to pwn the DNS, McAffee has friam.org yellow listed: http://www.siteadvisor.com/sites/friam.org
McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution. <http://www.siteadvisor.com/sites/friam.org> So, which one you is linking to friam.org from your drive by download emporiums? -- rec -- On Mon, Jan 3, 2011 at 2:20 PM, Roger Critchlow <[email protected]> wrote: > The IP address that the x-spam-report lists as blacklisted [209.86.89.62 > listed in list.dnswl.org] maps to elasmtp-dupuy.atl.sa.earthlink.net which > doesn't have any relationship to anything that Owen sent. Ah, but it is one > of smtp servers that Nick's email client uses, it shows up in the headers as > the recipient of email from NicksPC. So Nick's earthlink mail sender is/was > blacklisted at dnswl.org, but earthlink probably fixed that as fast as > they could. > > I've looked at headers for several messages, I don't see the x-spam-report > in any, where were they? Only in messages from Nick delivered to Owen? > Owen, does hostgo.com host the mailbox for backspaces.net? They might > only insert the x-spam-report into mail being delivered to locally hosted > mailboxes. The headers appear in most recently inserted first order, so if > the x-spam-report appears close to the final delivery, it's probably only in > your copies. > > The SiteAdvisor warning is probably unrelated to the x-spam-report that > Owen is seeing. SiteAdvisor is saying that McAffee has friam.org (or the > IP address that DNS lookup returned for friam.org) in a list of hazardous > sites, not to be confused with a list of sites that are spam generators. > > Seeing nothing strange at friam.org according to my DNS lookup, I would > wonder if Nick's DNS has been pwned. That is, despite the paranoia which > we've instilled in Nick, he still managed to install a trojan that has > hijacked the DNS services on his machine to redirect him to more bad sites. > > -- rec -- > > On Mon, Jan 3, 2011 at 11:59 AM, Nicholas Thompson < > [email protected]> wrote: > >> Isn’t it the sort of header that would trigger such a response in mcafee? >> >> >> >> >> >> >> >> *From:* [email protected] [mailto:[email protected]] *On >> Behalf Of *Owen Densmore >> *Sent:* Monday, January 03, 2011 10:56 AM >> >> *To:* The Friday Morning Applied Complexity Coffee Group >> *Subject:* Re: [FRIAM] dropbox? >> >> >> >> >> >> *McAfee SiteAdvisor Warning* >> >> >> >> This e-mail message contains potentially unsafe links to these sites: >> >> >> <http://www.siteadvisor.com/sites/friam.org?pip=false&premium=true&client_uid=1064314504&client_ver=3.3.0.168&client_type=IEPlugin&suite=true&aff_id=0&locale=en_us&os_ver=6.1.0.0> >> >> friam.org >> >> >> >> >> >> Looking at the long headers, I still see the hostgo tag warning: >> >> *X-Spam-Report: * Spam >> detection software, running on the system "milan.hostgo.com", has >> identified this incoming email as possible spam. The original message has >> been attached to this so you can view it (if it isn't spam) or label similar >> future email. If you have any questions, see the administrator of that >> system for details. Content preview: Off topic: The warning only appears >> only on FRIAM messages and it appears on all of them. Is there anything >> about FRIAM that the list-owner should be attending to? [...] Content >> analysis details: (-2.2 points, 5.0 required) pts rule name >> description ---- ---------------------- >> -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE >> RBL: Sender listed at http://www.dnswl.org/, low trust [209.86.89.62 >> listed in list.dnswl.org] -0.0 T_RP_MATCHES_RCVD Envelope sender domain >> matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam >> probability is 0 to 1% [score: 0.0000] -0.3 AWL AWL: From: address is in the >> auto white-list >> >> >> >> But I'm not sure that would rase the warning you see. >> >> >> >> -- Owen >> >> >> On Jan 2, 2011, at 8:41 PM, Nicholas Thompson wrote: >> >> >> Off topic: >> >> The warning only appears only on FRIAM messages and it appears on all of >> them. >> >> Is there anything about FRIAM that the list-owner should be attending to? >> >> N >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf >> Of Owen Densmore >> Sent: Sunday, January 02, 2011 6:54 PM >> To: The Friday Morning Applied Complexity Coffee Group; SFx Discuss >> Subject: Re: [FRIAM] dropbox? >> >> McAfee SiteAdvisor Warning >> >> This e-mail message contains potentially unsafe links to >> these >> sites: >> friam.org >> >> I've started to use dropbox and it seems a real winner! I really like the >> way it combines a remote disk along with local sync'ed folders. >> >> Would anyone who doesn't have a dropbox account yet be willing to sign up >> as >> a referral? >> https://www.dropbox.com/referrals >> >> If you want to start an account, let me refer you first, and we'll BOTH >> get >> 250MB more .. up to a limit of 8GB. Just send me an email, I'll fill the >> form above, and we'll both get a larger account. >> >> -- Owen >> >> >> >> ============================================================ >> FRIAM Applied Complexity Group listserv >> Meets Fridays 9a-11:30 at cafe at St. John's College lectures, archives, >> unsubscribe, maps at http://www.friam.org >> >> >> ============================================================ >> FRIAM Applied Complexity Group listserv >> Meets Fridays 9a-11:30 at cafe at St. John's College >> lectures, archives, unsubscribe, maps at http://www.friam.org >> >> >> >> ============================================================ >> FRIAM Applied Complexity Group listserv >> Meets Fridays 9a-11:30 at cafe at St. John's College >> lectures, archives, unsubscribe, maps at http://www.friam.org >> > >
<<image001.gif>>
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College lectures, archives, unsubscribe, maps at http://www.friam.org
