Is anybody else getting these weirdly mangled messages? A significant percentage of the messages from friam are being reported as possible spam. I am not sure, but I believe that I am not getting the original message.
From my reading of the headers, it appears that google gets the mailing list message on behalf of [email protected]<mailto:[email protected]> (I'm assuming the redfish hosts their email on gmail). Google then sends it through paris.hostgo.com<http://paris.hostgo.com>, which flags the email as possible spam and then sends it on to me via Sandia's corporate email. DNS whitelisting is cited as the source for identifying the originating sender as a past spam site. This happens with multiple participants on FRIAM, so I doubt that the actual person's address is the problem and dnswl.org<http://dnswl.org> confirmed that when I looked up Robert's personal domain. I also checked on redfish.com<http://redfish.com> and you-all are not the problem. The only other domain involved at the point where the email passes through hostgo.com<http://hostgo.com> is google.com<http://google.com> - so I don't understand what is being detected. Ray Parks Consilient Heuristician/IDART Program Manager V: 505-844-4024 M: 505-238-9359 P: 505-951-6084 NIPR: [email protected]<mailto:[email protected]> SIPR: [email protected]<mailto:[email protected]> (send NIPR reminder) JWICS: [email protected]<mailto:[email protected]> (send NIPR reminder) Begin forwarded message: From: Robert Holmes <[email protected]<mailto:[email protected]>> Subject: [EXTERNAL] Date: August 7, 2013 8:13:26 AM MDT To: The Friday Morning Applied Complexity Coffee Group <[email protected]<mailto:[email protected]>> Received: from mailgate2.sandia.gov<http://mailgate2.sandia.gov> (132.175.109.4) by mail.sandia.gov<http://mail.sandia.gov> (134.253.103.2) with Microsoft SMTP Server id 14.3.123.3; Wed, 7 Aug 2013 08:31:38 -0600 Received: from sentry-two.sandia.gov<http://sentry-two.sandia.gov> (sentry-two.sandia.gov<http://sentry-two.sandia.gov> [132.175.109.14]) by mailgate2.sandia.gov<http://mailgate2.sandia.gov> (8.14.4/8.14.4) with ESMTP id r77EVc9x013632; Wed, 7 Aug 2013 08:31:38 -0600 Received: from fbdbrel05.localdomain (osmtp-mefxp.att-mail.com<http://osmtp-mefxp.att-mail.com> [12.131.129.86]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sentry-two.sandia.gov<http://sentry-two.sandia.gov> (Postfix) with ESMTPS id 25217D388E6; Wed, 7 Aug 2013 08:20:07 -0600 (MDT) Received: from fbdbscrub11.att-mail.com<http://fbdbscrub11.att-mail.com> (unknown [192.168.125.11]) by fbdbrel05.localdomain (Postfix) with ESMTP id F3DE415F8073; Wed, 7 Aug 2013 14:20:06 +0000 (GMT) Received: from fbdbrel03.localdomain (fbdbrel03.seg.att.com<http://fbdbrel03.seg.att.com> [192.168.10.21]) by fbdbscrub11.att-mail.com<http://fbdbscrub11.att-mail.com> with ESMTP id JkLbmhtSU61Es1Vz; Wed, 07 Aug 2013 14:20:06 +0000 (GMT) Received: from sentry-three.sandia.gov<http://sentry-three.sandia.gov> (unknown [132.175.109.17]) by fbdbrel03.localdomain (Postfix) with ESMTPS id 519B3128805E; Wed, 7 Aug 2013 14:20:06 +0000 (GMT) Received: from paris.hostgo.com<http://paris.hostgo.com> (unknown [64.71.164.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sentry-three.sandia.gov<http://sentry-three.sandia.gov> (Postfix) with ESMTPS id 2FAAB528320; Wed, 7 Aug 2013 08:14:14 -0600 (MDT) Received: from localhost ([::1]:36520 helo=paris.hostgo.com) by paris.hostgo.com<http://paris.hostgo.com> with esmtp (Exim 4.80.1) (envelope-from <[email protected]<mailto:[email protected]>>) id 1V74V2-0006YX-Fi; Wed, 07 Aug 2013 10:14:04 -0400 Received: from mail-qa0-f48.google.com<http://mail-qa0-f48.google.com> ([209.85.216.48]:45701) by paris.hostgo.com<http://paris.hostgo.com> with esmtps ( TLSv1:RC4-SHA:128) (Exim 4.80.1) (envelope-from <[email protected]<mailto:[email protected]>>) id 1V74Ux-0006VD-6u for [email protected]<mailto:[email protected]>; Wed, 07 Aug 2013 10:14:00 -0400 Received: by mail-qa0-f48.google.com<http://mail-qa0-f48.google.com> with SMTP id o19so1065879qap.7 for <[email protected]<mailto:[email protected]>>; Wed, 07 Aug 2013 07:13:58 -0700 (PDT) Received: by 10.224.212.66 with HTTP; Wed, 7 Aug 2013 07:13:26 -0700 (PDT) X-Wss-Id: 0MR60CO-0B-12A-02 X-Wss-Id: 0MR5ZSK-0C-069-03 X-Tmwd-Spam-Summary: TS=20130807143136; ID=2; SEV=2.4.5; DFV=B2013080724; IFV=NA; AIF=B2013080724; RPD=8.00.0063; ENG=NA; RPDID=7374723D303030312E30413031303230362E35323032354134392E303032452C73733D312C72653D302E3030302C726563753D302E3030302C726569703D302E3030302C636C3D312C636C643D312C6667733D30; CAT=NONE; CON=NONE; SIG=AAABAMQFAAAAAAAAAAAAAAyDgVYAAAM= X-Tmwd-Spam-Summary: TS=20130807141932; ID=1; SEV=2.4.5; DFV=B2013080724; IFV=NA; AIF=B2013080724; RPD=8.00.0063; ENG=NA; RPDID=7374723D303030312E30413031303230372E35323032353737382E303044372C73733D312C72653D302E3030302C726563753D302E3030302C726569703D302E3030302C636C3D312C636C643D312C6667733D30; CAT=NONE; CON=NONE; SIG=AAAAAAAAAAAAAAAAQEekQwAAAw== X-Tmwd-Ip-Reputation: SIP=12.131.129.86; IPRID=7469643D303030312E30413031303330322E35323032353231302E30303038; CTCLS=R4; CAT=Unknown X-Tmwd-Ip-Reputation: SIP=64.71.164.67; IPRID=7469643D303030312E30413031303330322E35323032353633412E30303935; CTCLS=T2; CAT=Unknown Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:message-id:subject:to:content-type; bh=e7jyvb4NAd80a69Oj48hIRji2W+qHLLjep90NLsEWIw=; b=NpI8ALPi0QSXoAHBP0MSMDBtWnQNZww0/Q5iCLa0ENWo/f0bFgXsCgNfU7uw5E45Va eWbZpCfJVXsqbU/u3KQAd0LocfNRlm/thRaRhp8NMYM5K/TZgR1Q3E7MpRW8DLGr6Qcn 0eD/ee68Vw8QrEdSYZrJlUEAmvDyaabTGOt9xOg6GJS8EiGklsxpOOBtroB6WkAG1dkG OtslZtj9IWv3YDkDQRlNT3FS56EM0CBPkxGKnW8o+GQpTn+AQV4pw/3fNtJlKdK3g3KR dRb2/i9BXckg/PppIKl/GS89NINP/ubcQ2wQ8PlHdzjkCOLNakGckxVHhHxCxLCMk0r+ qq1g== X-Received: by 10.49.76.68 with SMTP id i4mr963894qew.2.1375884836739; Wed, 07 Aug 2013 07:13:56 -0700 (PDT) X-Google-Sender-Auth: dUF5YGMksb1T0tYGHrct3Qi4TA0 Message-Id: <cagapjyfuxsumqhtviddywwwufye4z8no8dxl3-8wrpn6t_o...@mail.gmail.com<mailto:cagapjyfuxsumqhtviddywwwufye4z8no8dxl3-8wrpn6t_o...@mail.gmail.com>> X-Spam-Status: No, score=-2.3 X-Spam-Score: -22 X-Spam-Bar: -- X-Ham-Report: Spam detection software, running on the system "paris.hostgo.com<http://paris.hostgo.com>", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see root\@localhost for details. X-Mef-Scanned: CLEAN Content-Type: text/plain Return-Path: [email protected]<mailto:[email protected]> X-Ms-Exchange-Organization-Authsource: EXCH02.srn.sandia.gov<http://EXCH02.srn.sandia.gov> X-Ms-Exchange-Organization-Authas: Anonymous X-Ms-Exchange-Organization-Scl: 0 X-Ms-Exchange-Organization-Antispam-Report: v=1.1 cv=vlXSKHfvZplZRX9x2vvgWaEGzzJKgW97xtqQYo+ZdXg= c=1 sm=1 a=jDpx29WuEQsA:10 a=wPDyFdB5xvgA:10 a=xqWC_Br6kY4A:10 a=9Zc6gUnS+PR9g6vzQJPDjg==:17 a=7-t7MVIwAAAA:8 a=Q9gjguzfAAAA:8 a=pGLkceISAAAA:8 a=wctRFIENAAAA:8 a=7pMlNqJoAAAA:8 a=z4TGNG1rAAAA:8 a=SrrR6NFsJgR0SH8OYMsA:9 a=mN10d95ihcYA:10 a=dUHvzT4zkI0A:10 a=MSl-tDqOz04A:10 a=LMH-DyN6LR8A:10 a=meBFHBK-isUA:10 a=4p3lELYsGk8A:10 a=kpAqHXzfObQA:10 a=0HjSaam29XZXaXJ4:21 a=1vy9Q92IblchGuU0:21 a=OkpYmSTv7shxIqP+SOO1tA==:117;OrigIP:64.71.164.67;SCL:0 X-Ms-Exchange-Organization-Avstamp-Mailbox: MSFTFF;1;0;0 0 0 Mime-Version: 1.0 Content preview: ∑ and Google say they have no intention of fixing it. http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw ∑ and Google say they have no intention of fixing it. [...] Content analysis details: (-2.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [209.85.216.48 listed in list.dnswl.org<http://list.dnswl.org>] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (rholmes62[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (rholmes62[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Spam-Flag: NO Subject: [FRIAM] =?windows-1252?q?Security_flaw_in_Chrome=85?= X-BeenThere: [email protected]<mailto:[email protected]> X-Mailman-Version: 2.1.15 Precedence: list Reply-to: "The Friday Morning Applied Complexity Coffee Group" <[email protected]<mailto:[email protected]>> List-Id: The Friday Morning Applied Complexity Coffee Group <friam_redfish.com.redfish.com> List-Unsubscribe: <http://redfish.com/mailman/options/friam_redfish.com>, <mailto:[email protected]?subject=unsubscribe> List-Archive: <http://redfish.com/pipermail/friam_redfish.com/> List-Post: <mailto:[email protected]> List-Help: <mailto:[email protected]?subject=help> List-Subscribe: <http://redfish.com/mailman/listinfo/friam_redfish.com>, <mailto:[email protected]?subject=subscribe> Content-Type: multipart/mixed; boundary="===============0038966539546490656==" Errors-To: [email protected]<mailto:[email protected]> Sender: "Friam" <[email protected]<mailto:[email protected]>> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - paris.hostgo.com<http://paris.hostgo.com> X-AntiAbuse: Original Domain - sandia.gov<http://sandia.gov> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - redfish.com<http://redfish.com> X-Get-Message-Sender-Via: paris.hostgo.com<http://paris.hostgo.com>: acl_c_authenticated_local_user: mailman/mailman X-Source: X-Source-Args: X-Source-Dir: --===============0038966539546490656== Content-Transfer-Encoding: 7bit Content-Type: multipart/alternative; boundary=047d7bdc94dcf23a5004e35c266a --047d7bdc94dcf23a5004e35c266a Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable =85 and Google say they have no intention of fixing it. http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-se= curity-flaw --047d7bdc94dcf23a5004e35c266a Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">=85 and Google say they have no intention of fixing it.<di= v><br></div><div><a href=3D"http://www.theguardian.com/technology/2013/aug/= 07/google-chrome-password-security-flaw">http://www.theguardian.com/technol= ogy/2013/aug/07/google-chrome-password-security-flaw</a><br> </div><div><br></div></div> --047d7bdc94dcf23a5004e35c266a-- --===============0038966539546490656== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com --===============0038966539546490656==--
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
