RE: WARNING: Yet another virus sent by 'Wendy'

>> The originating server is the same as last time with IP Address
>> 71.33.69.206.  Copy of my previous message below.
>> Can I suggest that someone at W3 ask your IT guys to block 
>> this IP address on your firewall.

> FYI someone from our system says that it's not a good suggestion to 
> blacklist anything sent from this ip because that particular 
> mail server may be serving other W3C participants.

I understand that spam (and viruses) spoof email headers to make it look to *me* like an email is from someone in my address book.  How is it that the W3C listserv is so easily fooled?  I am assuming the email is really coming from someone who is legitimately subscribed, just not Wendy.  Did the virus just get lucky to pick Wendy?  Did it have to be someone at w3.org to get through?

I notice this line in the headers:

Received-SPF: softfail (lisa.w3.org: transitioning domain of wendy@w3.org does
	not designate 71.33.69.206 as permitted sender)

It would have been nice if that error had been a hardfail and not a softfail!

Received on Monday, 11 April 2005 20:21:19 UTC