On 07/24/2018 06:51 PM, Mark Sapiro wrote:
The stolen address books were used to send phishing emails purportedly
from the owner of the address book the the addresses in the book.
I.e., a message From: a_known_fri...@yahoo.com saying things look at
this great thing I found and a URL to evilsite.com.
Trivial to harvest addresses, but not trivial to know a known associate
to send the mail From:.
I hadn't thought about the association of the metadata. Thank you for
clarifying.
I do question how much more spam was sent by stealing address books from
large providers compared to viruses / malware doing the same with
address books on infected machines.
In this context, the innocents are subscribers to mailing lists who
find themselves unsubscribed by bounce processing because their ISPs
reject list posts From: other_us...@yahoo.com and the operators of those
mailing lists.
Indeed, unfortunately "friendly fire". :-/
Of course, you seem to feel that these lists were wrong from the beginning
for not claiming authorship of the posts by replacing the From: header,
Yes, that's in line with my current view.
but at the time, this wasn't even an option for most lists.
Lack of an option does not preclude the need for it.
Similarly, ignorance of an option does not preclude the need for it.
Admittedly, I've long struggled with how I thought discussion mailing
lists should behave. Originally I hadn't given any thought to munging
the From: like is suggested for DMARC. That being said, I did want to
direct replies back to the discussion list.
--
Grant. . . .
unix || die
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
