Hi Doug!
Well, you surely can spoof your from address when subscribing to a list. But every list I know (and suse-kde, too) requires that you are able to _get_ the first email from the mailing list manager and respond to it before you are subscribed...
So you can send a subscription request stating you are billy@microsoft.com. But then the mail with the activation code will be sent to billy@microsoft.com and you will never get it and you can never complete the registration.
I think that someone very funny has subscribed and after that activated a mail forward to an address like support@freeent.de. Really very, very funny......
Greets,
Daniel
Douglas B. Wise wrote on 01.01.2005 04:00:
An observation and a question: The question is perhaps slightly off topic (please forgive)...
I choose moron on the auto-reply issue... I get about 5 of such every time I post a message at work on a particular discussion group... It's pretty easy to get your email anywhere in the world these days if it is really so important to reply right away. Otherwise it should wait until you get back...
I tend to see the other consideration as something more sinister... Couldn't the sender's address and reply to links also be "spoofed"? We have had a lot of that at work... Usually with infected attachments or html links to some rogue server trying to hack your lookout or windoze exploder... Lately some idiot/thief has been sending stuff to me pretending to be me. How stupid can you get? Some of the sender IP addresses also have been faked (not just the from line). Others were traced back to a broadband network somewhere in the Philippines...
Isn't it true that all someone really needs to do is subscribe to the group, then pull all the addresses from postings so they can spam everyone (perhaps from a different address)? They could pretend to be me, you, any corporation, or anyone who ever posted while they were subscribed.... While we are largely immune from normal hacks and viruses (It's all about the Linux!), poor judgement might lead anyone to give away sensitive information in an elaborate html based email spoof... Some spoofs hyperlink you to a website (even the address is a spoof) which is cloned from a well known bank or investment company. I suppose that all you need is one out of a hundred to fall for it and you have succeeded.
Could this be something like that?
"Just because I'm paranoid it doesn't mean everybody's not out to get me..." ;-)
Cheers,
Doug
daniel.eckl@gmx.de wrote:
Huuuuuh.... That's an Orwellish worst case scenario..... I love it ;)
@suse list admins: I suggest searching the members' email addresses for official-sounding addresses from freenet.de like the examples service@, support@, webmaster@freenet.de
Greets, Daniel
On Monday, 27 December 2004 21:01, Paul Foerster wrote:
Hi Daniel,
But the second question is: How can this be? As someone has to fetch those messages to complete subscription, I cannot think of a way the subscriber could confirm the request......
... intercepting messages is only possible for a sysadmin. But if this is the case then freenet.de has some serious privacy problems... -- cul8er
Paul paul.foerster@gmail.com
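The subscription confirmation step discussed in this thread, as an added example that is not code from any poster or from a real list manager: the activation code is mailed only to the claimed address, so a spoofed From line alone cannot complete a subscription, while anyone who can read that mailbox (owner, forward target, sysadmin) can. `ListManager`, `LIST_SECRET` and the in-memory `outbox` standing in for mail delivery are assumptions.

```python
import hashlib
import hmac
import secrets

LIST_SECRET = secrets.token_bytes(32)  # assumption: secret known only to the list manager

def normalize(address):
    return address.strip().lower()

def make_token(address, nonce):
    """Activation code bound to one address and one pending request."""
    msg = f"{normalize(address)}|{nonce}".encode()
    return hmac.new(LIST_SECRET, msg, hashlib.sha256).hexdigest()

class ListManager:
    def __init__(self):
        self.pending = {}    # address -> nonce of the open request
        self.members = set()
        self.outbox = []     # (recipient, token); stands in for mail delivery

    def request_subscription(self, claimed_from):
        # The From line is unauthenticated, so the code goes only to the claimed address.
        addr = normalize(claimed_from)
        self.pending[addr] = secrets.token_hex(16)
        self.outbox.append((addr, make_token(addr, self.pending[addr])))

    def confirm(self, address, token):
        addr = normalize(address)
        nonce = self.pending.get(addr)
        if nonce is None:
            return False
        if not hmac.compare_digest(make_token(addr, nonce).encode(), token.encode()):
            return False
        del self.pending[addr]   # one-time use
        self.members.add(addr)
        return True

def mailbox(manager, address):
    """Codes visible to whoever can read this mailbox."""
    return [tok for rcpt, tok in manager.outbox if rcpt == normalize(address)]

def demo():
    """Constructed scenario: a request arrives claiming to be billy@microsoft.com."""
    m = ListManager()
    m.request_subscription("billy@microsoft.com")
    spoofer_sees = mailbox(m, "spoofer@example.org")  # the requester's real mailbox
    guessed = m.confirm("billy@microsoft.com", "0" * 64)
    real = m.confirm("billy@microsoft.com", mailbox(m, "billy@microsoft.com")[0])
    return {"spoofer_sees": spoofer_sees, "guessed": guessed, "mailbox_reader": real}
```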