- From: Gerald Oskoboiny <gerald@w3.org>
- Date: Sat, 10 Mar 2012 00:40:31 +0000
- To: Cameron McCormack <cam@mcc.id.au>
- Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Charles Pritchard <chuck@jumis.com>, public-html@w3.org, sysreq@w3.org
* Cameron McCormack <cam@mcc.id.au> [2012-03-10 11:18+1100] > Tab Atkins Jr.: > >what is this i dont even > > Same happened here, very odd: > > http://lists.w3.org/Archives/Public/www-dom/2012JanMar/0152.html Looks like some spammer copied an old message from our archives [1] to make it look legit, then added their spam URIs to the .sig. I will block the offending relay and mark their messages as spam in our archives. People who are interested in preventing forgeries in their name can set a Forgeproofing pattern for their W3C account using the profile editor, https://www.w3.org/Systems/db/userInfo Note that the recommended forgeproofing pattern (family name) would not have helped in this case because the entire From: header was forged, so it may be time to get more creative with forgeproofing patterns. Using '^Received-SPF: pass' as the pattern would have prevented both these forgeries. (but won't help for sites that haven't deployed SPF) [1] http://lists.w3.org/Archives/Public/public-ws-semann/2006Apr/0000.html -- Gerald Oskoboiny <gerald@w3.org> http://www.w3.org/People/Gerald/ tel:+1-604-906-1232 (mobile)
Received on Saturday, 10 March 2012 00:50:24 UTC