On a related note, which may bear on the original question, I discovered a whole batch of FRIAM emails in the last couple of weeks classified as spam by Spam Assassin (which inserts the X-spam headers), which I have running on my laptop. I wasn't really able to figure out why, although it is possible that being RBLed is enough to trigger Spam Assassin.
I have taken the explicit step of adding the FRIAM address to my procmailrc so as to bypass spam filtering for all FRIAM emails. I can't recall the last time I saw real spam coming through on FRIAM :).

Cheers

On Mon, Jan 03, 2011 at 02:56:26PM -0700, Roger Critchlow wrote:
> Nothing serious, just a false positive in McAfee's SiteAdvisor.
>
> A download emporium would be a malware business, web sites stocked with all
> sorts of malicious software for the unwary to sample. And linking from
> there to friam.org would provide McAfee with the "evidence" for their
> rating algorithm.
>
> -- rec --
>
> On Mon, Jan 3, 2011 at 2:45 PM, Nicholas Thompson <
> [email protected]> wrote:
>
> > Roger.
> >
> > Can you explain what you mean by a “download emporium”?
> >
> > Are there any serious issues here, or are we at play?
> >
> > N
> >
> > *From:* [email protected] [mailto:[email protected]] *On
> > Behalf Of *Roger Critchlow
> > *Sent:* Monday, January 03, 2011 2:25 PM
> > *To:* The Friday Morning Applied Complexity Coffee Group
> > *Subject:* Re: [FRIAM] dropbox?
> >
> > *McAfee SiteAdvisor Warning*
> >
> > This e-mail message contains potentially unsafe links to these sites:
> >
> > <http://www.siteadvisor.com/sites/friam.org?pip=false&premium=true&client_uid=1064314504&client_ver=3.3.0.168&client_type=IEPlugin&suite=true&aff_id=0&locale=en_us&os_ver=6.1.0.0>
> > friam.org
> >
> > No need to pwn the DNS, McAfee has friam.org yellow listed:
> >
> > http://www.siteadvisor.com/sites/friam.org
> >
> > McAfee TrustedSource web reputation analysis found potential suspicious
> > behavior on this site which may pose a security risk. Use with caution.
> >
> > So, which one of you is linking to friam.org from your drive by download
> > emporiums?
> >
> > -- rec --
> >
> > On Mon, Jan 3, 2011 at 2:20 PM, Roger Critchlow <[email protected]> wrote:
> >
> > The IP address that the [209.86.89.62 listed in
> > list.dnswl.org] maps to elasmtp-dupuy.atl.sa.earthlink.net which doesn't
> > have any relationship to anything that Owen sent. Ah, but it is one of the
> > smtp servers that Nick's email client uses, it shows up in the headers as the
> > recipient of email from NicksPC. So Nick's earthlink mail sender is/was
> > blacklisted at dnswl.org, but earthlink probably fixed that as fast as
> > they could.
> >
> > I've looked at headers for several messages, I don't see the x-spam-report
> > in any, where were they? Only in messages from Nick delivered to Owen?
> > Owen, does hostgo.com host the mailbox for backspaces.net? They might
> > only insert the x-spam-report into mail being delivered to locally hosted
> > mailboxes. The headers appear in most recently inserted first order, so if
> > the x-spam-report appears close to the final delivery, it's probably only in
> > your copies.
> >
> > The SiteAdvisor warning is probably unrelated to the x-spam-report that
> > Owen is seeing. SiteAdvisor is saying that McAfee has friam.org (or the
> > IP address that DNS lookup returned for friam.org) in a list of hazardous
> > sites, not to be confused with a list of sites that are spam generators.
> >
> > Seeing nothing strange at friam.org according to my DNS lookup, I would
> > wonder if Nick's DNS has been pwned. That is, despite the paranoia which
> > we've instilled in Nick, he still managed to install a trojan that has
> > hijacked the DNS services on his machine to redirect him to more bad sites.
> >
> > -- rec --
> >
> > On Mon, Jan 3, 2011 at 11:59 AM, Nicholas Thompson <
> > [email protected]> wrote:
> >
> > Isn’t it the sort of header that would trigger such a response in McAfee?
> >
> > *From:* [email protected] [mailto:[email protected]] *On
> > Behalf Of *Owen Densmore
> > *Sent:* Monday, January 03, 2011 10:56 AM
> > *To:* The Friday Morning Applied Complexity Coffee Group
> > *Subject:* Re: [FRIAM] dropbox?
> >
> > *McAfee SiteAdvisor Warning*
> >
> > This e-mail message contains potentially unsafe links to these sites:
> >
> > <http://www.siteadvisor.com/sites/friam.org?pip=false&premium=true&client_uid=1064314504&client_ver=3.3.0.168&client_type=IEPlugin&suite=true&aff_id=0&locale=en_us&os_ver=6.1.0.0>
> > friam.org
> >
> > Looking at the long headers, I still see the hostgo tag warning:
> >
> > *X-Spam-Report: *
> > Spam detection software, running on the system "milan.hostgo.com", has
> > identified this incoming email as possible spam. The original message has
> > been attached to this so you can view it (if it isn't spam) or label similar
> > future email. If you have any questions, see the administrator of that
> > system for details.
> >
> > Content preview: Off topic: The warning only appears only on FRIAM messages
> > and it appears on all of them. Is there anything about FRIAM that the
> > list-owner should be attending to? [...]
> >
> > Content analysis details: (-2.2 points, 5.0 required)
> >
> >  pts rule name              description
> > ---- ---------------------- --------------------------------------------------
> > -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, low trust
> >                             [209.86.89.62 listed in list.dnswl.org]
> > -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay domain
> > -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
> >                             [score: 0.0000]
> > -0.3 AWL                    AWL: From: address is in the auto white-list
> >
> > But I'm not sure that would raise the warning you see.
> >
> > -- Owen
> >
> > On Jan 2, 2011, at 8:41 PM, Nicholas Thompson wrote:
> >
> > Off topic:
> >
> > The warning appears only on FRIAM messages and it appears on all of
> > them.
> >
> > Is there anything about FRIAM that the list-owner should be attending to?
> >
> > N
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On
> > Behalf Of Owen Densmore
> > Sent: Sunday, January 02, 2011 6:54 PM
> > To: The Friday Morning Applied Complexity Coffee Group; SFx Discuss
> > Subject: Re: [FRIAM] dropbox?
> >
> > McAfee SiteAdvisor Warning
> >
> > This e-mail message contains potentially unsafe links to these
> > sites:
> > friam.org
> >
> > I've started to use dropbox and it seems a real winner! I really like the
> > way it combines a remote disk along with local sync'ed folders.
> >
> > Would anyone who doesn't have a dropbox account yet be willing to sign up
> > as a referral?
> > https://www.dropbox.com/referrals
> >
> > If you want to start an account, let me refer you first, and we'll BOTH get
> > 250MB more .. up to a limit of 8GB. Just send me an email, I'll fill the
> > form above, and we'll both get a larger account.
> >
> > -- Owen
> >
> > ============================================================
> > FRIAM Applied Complexity Group listserv
> > Meets Fridays 9a-11:30 at cafe at St. John's College
> > lectures, archives, unsubscribe, maps at http://www.friam.org

--
----------------------------------------------------------------------------
Prof Russell Standish                  Phone 0425 253119 (mobile)
Mathematics
UNSW SYDNEY 2052                       [email protected]
Australia                              http://www.hpcoders.com.au
----------------------------------------------------------------------------
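
Added example (not part of the original thread and not SpamAssassin's own code): a parser for the X-Spam-Report text quoted in the thread, pulling out the total, the threshold and the per-rule scores so it is clear which rules moved the verdict. The sample string is constructed from the report in the thread; the function and variable names are assumptions of this example.

```python
import re
from decimal import Decimal

# Constructed sample: the report text quoted in the thread, unfolded onto one
# line the way it sits in a header value.
SAMPLE_REPORT = (
    'Content analysis details: (-2.2 points, 5.0 required) '
    'pts rule name description ---- ---------------------- '
    '-------------------------------------------------- '
    '-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, '
    'low trust [209.86.89.62 listed in list.dnswl.org] '
    '-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain '
    '-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] '
    '-0.3 AWL AWL: From: address is in the auto white-list'
)

SUMMARY = re.compile(
    r'Content analysis details:\s*\((-?\d+\.\d+) points, (-?\d+\.\d+) required\)')
# A rule entry is "<score> <RULE_NAME> <description>"; rule names are upper case.
# The lookbehind keeps IP octets such as 86.89 from being read as scores.
RULE = re.compile(r'(?<![\d.])(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\s+')

def parse_spam_report(text):
    """Return total, threshold, per-rule scores and the spam verdict."""
    summary = SUMMARY.search(text)
    if summary is None:
        raise ValueError('no "Content analysis details" summary found')
    total, required = Decimal(summary.group(1)), Decimal(summary.group(2))
    body = text[summary.end():]
    hits = list(RULE.finditer(body))
    rules = []
    for i, m in enumerate(hits):
        # A description runs until the next rule entry (or the end of the report).
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        rules.append((m.group(2), Decimal(m.group(1)), body[m.end():end].strip()))
    return {
        'total': total,
        'required': required,
        'rules': rules,
        'rule_sum': sum(score for _, score, _ in rules),
        'is_spam': total >= required,
    }

if __name__ == '__main__':
    report = parse_spam_report(SAMPLE_REPORT)
    for name, score, desc in report['rules']:
        print(f'{score:>5} {name:<20} {desc}')
    print('total', report['total'], 'required', report['required'],
          'spam:', report['is_spam'])
```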
