
[Phys-L] Phys-L and recent SPAM



Hi Folks --

Executive summary: If you get phys-l messages today but not tomorrow,
please contact me OFF LIST so we can debug the situation.

1) There are lots of ways to forge email. Not just the body
of the message, but all fields in the headers can be forged.
That includes the "From: sender" and "To: recipient" headers.

2) Lately a nasty bot has been sending spam that affects us.

2a) Some was sent directly to individual subscribers, forging
the sender field to match some other individual.

2b) Some was sent via the phys-l server, forging the sender
field to match a list subscriber.

2c) Some was sent directly to individual subscribers, forging
the sender field to match the list address.

3a) There is nothing that phys-l.org can do directly to prevent
bogus mail to individuals, pretending to come from another
individual. Y'all have to arrange your own defenses for this.
We can discuss methods if anybody wants, but let's split that
into a separate thread.

3b) Steps have been taken to make the server more skeptical of
incoming submissions.

3c) For mail purporting to come from the server, if in doubt
you can easily check the archives:

https://www.phys-l.org/archives/
https://www.phys-l.org/archives/current_month.html

If the message doesn't appear there, it wasn't sent by the phys-l server.
In addition, there are plans afoot to use SPF to make it more difficult for
spammers to forge the phys-l name.

https://en.wikipedia.org/wiki/Sender_Policy_Framework

However, this involves some risk. It will break delivery of legitimate
phys-l traffic to any subscribers who match the following:
-- get mail /forwarded/ by an old, low-tech server, and
-- check SPF after forwarding, not before.

https://en.wikipedia.org/wiki/Sender_Policy_Framework#FAIL_and_forwarding

We hope there are no subscribers in that category. If you had
this problem, you would have noticed already, because it would
break email from innumerable senders other than phys-l. However, out of an
abundance of caution, we will test for that possibility, as follows:

We will turn on SPF tonight, and send a test message tomorrow. If you get
mail from phys-l today but not tomorrow, it could be an SPF issue. Please
contact me OFF LIST so we can devise some sort of workaround. I expect the
test message to be sent early tomorrow morning Eastern Standard Time.

In particular, save this email *including all headers* to a file, so we can
refer to it later if necessary.

Sincerely,
Mark Kimball, Administrator
with much assistance from John Denker
Phys-L.org