Dear friend,

Jonathan Stowe jns at
Mon Oct 20 10:24:29 BST 2008

2008/10/20 Paul Makepeace <paulm at>:
> On Sun, Oct 19, 2008 at 8:11 AM, Jonathan Stowe
> <jns at>wrote:
>> On Sat, 2008-10-18 at 14:27 +0100, Martin A. Brooks wrote:
>> > Jonathan Stowe wrote:
>> > > Anyone know a good way of stopping joe-jobbed spam which doesn't
>> involve
>> > > spf and stuff ?
>> > >
>> >
>> > Don't have a catchall.
>> >
>> That doesn't solve the particular problem here.  You lot don't see most
>> of the spam that gets sent to because it never gets past
>> the mailling list software, someone goes in an deletes it all every once
>> in a while.  However in this case the spam was sent as coming from
>> someone who was subscribed to the list thus goes straight through.
>> Apparently this kind of thing can be caused by a potential XSS
>> vulnerability in gmail so might become more common.
> Wow, those guys are clever these days. They can exploit _potential_
> vulnerabilities as opposed to actual real ones!

Well looking at the original message more carefully, unless Tielman is
actually the spammer himself, then there does appear to be a way of
causing gmail to send messages as a third party to everyone in that
third party's contact list.

More information about the mailing list