Hi there,
If you site is running censorware, extremely poor anti-spam, or badly
configured anti-virus software, you will be removed from the
webappsec mail list without any warning. In the past few days, I've
received bounces to the mail list address which should never exist:
a) A possible CSRF attack site masquerading as a support ticketing
gateway
b) Someone in Brazil with crap anti-spam software requiring us to
click a link. No thanks, buddy.
c) In the last day or two, some site from Uruguay running censorware
which is banning all our posts... but telling the mail list instead
of the poor sap behind the censorware gateway. If I was the poor sap,
I'd take the thought police out the back and introduce them to my
nice shiny rubber hose and copies of the Yellow pages
d) and lastly, a beautifully formatted ... something ... written
entirely in Korean which I cannot decipher
The rules for SMTP gateway configuration are simple:
* SMTP software acting on your behalf should send reports to you or
your site's thought police, no one else
* Do not allow mail software to e-mail this or any other list
We have a lot of subscribers, and there's absolutely no reason for
all of us to be affected by your site's decision to run appalling,
badly written, badly configured "software".
Andrew
ps. In some good news, we were not too heavily afflicted by vacation
messages during the busy Lemon Cup Cake Holiday season. Thank you for
that. :)
-------------------------------------------------------------------------
This List Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
