On Mon, Apr 4, 2016 at 4:28 PM, Johann v. Preu?en <jvp at forthepolls.org> wrote: > i am not certain i understand how it is google's fault that this > owenevans98|Dawn was able to slip into the listserv database. this is, of > course, assuming that this was not done via a simple sign-up. i also do not > understand how prohibiting a posting (content, infra) that obfuscates a > message within a host of symbols with a net zero percent of prose and 100% > anchor description is responding to some sort of a "fad". this list is re > problems and solutions that can only be conveyed in prose ... no prose == no > message. and permitting private anchors is also a questionable security > practice. it does not seem unreasonable to require anchors to be to > recognized sandbox sites or -- much better -- to an openssl-operated one. Yeah, this particular message looks like classic spam (headers available at http://groups.google.com/forum/#!original/mailing.openssl.users/eXD0UYueasw/jsZtjTLPCQAJ). When the spam was getting through, I checked some of the headers and most were coming from Gmail users. See, for example, http://pastebin.com/hRAtRt7S. That particular message likely had its spam score lowered because of the DKIM signing. I was also contacted offlist for the spam I was sending. I saw the headers on two of the messages, and they clearly were from me and submitted through Google's web interface. They looked just like the headers in http://pastebin.com/hRAtRt7S. I did not send them, and they did not show up in my Outbox. Its the reason I'm guessing Google services had a vulnerability that was silently patched. Jeff
