Not to mention that this service simply will not work with some destination
addresses that check if the sending MTA is authorized to send on behalf of the
sending addresses domain. This list is a perfect example. I found out
somewhat accidentally that this list uses spa when some asshat spammer tried
bombing it with my email address.
One little problem for the asshat: this list uses spa and so does
blackberry.net therefore the way I found out was when the list sent me
(correctly) rejected email messages saying that blackberry.net does not
authorize <some server> to send using addresses bearing its domain name. Oh
well, sucks to be an asshat spammer.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message-----
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Sun, 30 Sep 2007 23:19:20
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Testing DidTheyReadIt.com
Juha-Matti Laurio to Thierry Zoller:
[un-top-posted]
Just a sample test of how many of you read this email. Let's see how
good it performs for mailinglists and what comes out.
Your headers etc. doesn't state that this service is in use.
Maybe not _directly_, but comparing Received: headers in other Email
Thierry has sent to Full-Disclosure from his @Zoller.lu address, you
quickly see that hyperion.vo.lu is usually (??) the machine that
injects such messages into the mail chain, whereas "his" test message
was injected by colibri.e-mail-servers.com
Aside from being totally useless "against" those who use text-only
MUAs, this kind of service is generally useless because increasingly,
even vendors like MS realize that user privacy is actually somewhat
important and increasingly make NOT retrieving remote images (and other
content) in "rich text" Emails the default, rather than just providing
an option to turn off such attrocities should the user be aware enough
to go looking for such an option...
This is an example of a service that, in general, should not work, and
in future will be increasingly more useless, I think.
In the meantime, all (???) those using it should be asking what kind of
data leakage they are exposing themselves to, through possible message
content scanning and sender/receiver address usage patterns, among
others.
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
