
Daniel Fischer wrote:
Just for the record, not a newcomer, and has non-spam messages
Conrad Parker wrote:
There was a recent hotmail exploit, with people reporting their account sent spam...
No exploit is needed. It is trivial for an impostor to seem as if he is sending email from someone else's account, and spammers do that all the time. There is nothing special about Hotmail.

There are some ways to detect that kind of fraud. One method is SPF, which is currently being pushed by Google and some other email providers: http://openspf.org/

Unfortunately, Mailman, or at least the version we are currently using on all of our servers, does not support this AFAIK. In fact, our domains do not even have SPF records themselves yet. So all mail from our mailing lists is flagged as suspicious by Google and many other providers. I hope that will be fixed soon.

It's true, even when a system like SPF is in place, it is still possible to bypass it by breaking in to an email account and actually sending the spam from there. But we have not yet reached the point where such an exploit is even needed.

For now, we are just relying on the classic method of using a server-side spam filter. This incident seems to have gotten past that.

Thanks,
Yitz