On Tue, May 8, 2012 at 9:21 AM, Bill Dillinger <[email protected]> wrote: > I hope this is an appropriate idea to put forward and that it is OK to post > it here. I can not always clearly identify the subject or author of an email > from ooo-users as being from that list. I have always read that, for > security, one should not open mail one does not expect from an unknown > author. To reduce this problem other mail lists I am on precede the subject > with the name of the group in square brackets when sending the mail to the > group, as example [ooo-users] or perhaps in our case simply [OOo] as some > seem to use. If the list would do this I would be much more comfortable > opening emails with subject lines and authors I don't recognize. >
This is not really the best current advice. A few thoughts: 1) What makes you think that someone cannot post a malicious file to this mailing list? 2) OK. maybe this list strips out attachments and does not forward them. But in general, mailing lists are not secured against malicious file attachments. 3) What prevents someone from sending out emails containing a malicious file but they bypass the list and just type [OOo] in the header. Such 'phishing' attacks via email are quite common. 4) But you might say that this list is so small and obscure, that it would not be worth someone's time to send out spam pretending to be from [OOo]. It is not like we're a large bank or some other retailer typically spoofed in phishing attacks. But then there is "spear phishing', where someone goes specifically after you. They search the web and see that you are posting to this list, so when they send you the malicious file they make it look like it is coming from a source familiar to you, a familiar list, or even a familiar person. This happens more times than you might think. So best practice is not to open unexpected file attachments, even from people you know. It might not really be from them. Don't rely on "recognition" of names or lists. Those are trivial to fake. Digital signatures can also help, but not everyone uses them. -Rob --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
