jns at integration-house.com
Mon Oct 20 10:24:29 BST 2008
2008/10/20 Paul Makepeace <paulm at paulm.com>:
> On Sun, Oct 19, 2008 at 8:11 AM, Jonathan Stowe
> <jns at integration-house.com>wrote:
>> On Sat, 2008-10-18 at 14:27 +0100, Martin A. Brooks wrote:
>> > Jonathan Stowe wrote:
>> > > Anyone know a good way of stopping joe-jobbed spam which doesn't
>> > > spf and stuff ?
>> > >
>> > Don't have a catchall.
>> That doesn't solve the particular problem here. You lot don't see most
>> of the spam that gets sent to london.pm.org because it never gets past
>> the mailling list software, someone goes in an deletes it all every once
>> in a while. However in this case the spam was sent as coming from
>> someone who was subscribed to the list thus goes straight through.
>> Apparently this kind of thing can be caused by a potential XSS
>> vulnerability in gmail so might become more common.
> Wow, those guys are clever these days. They can exploit _potential_
> vulnerabilities as opposed to actual real ones!
Well looking at the original message more carefully, unless Tielman is
actually the spammer himself, then there does appear to be a way of
causing gmail to send messages as a third party to everyone in that
third party's contact list.
More information about the london.pm