Return-Path: Delivered-To: apmail-cocoon-dev-archive@www.apache.org Received: (qmail 99765 invoked from network); 31 Mar 2004 18:08:18 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 31 Mar 2004 18:08:18 -0000 Received: (qmail 56566 invoked by uid 500); 31 Mar 2004 18:08:07 -0000 Delivered-To: apmail-cocoon-dev-archive@cocoon.apache.org Received: (qmail 56510 invoked by uid 500); 31 Mar 2004 18:08:06 -0000 Mailing-List: contact dev-help@cocoon.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: dev@cocoon.apache.org Delivered-To: mailing list dev@cocoon.apache.org Delivered-To: moderator for dev@cocoon.apache.org Received: (qmail 21443 invoked from network); 31 Mar 2004 17:53:31 -0000 Message-ID: <406B059E.2010607@apache.org> Date: Wed, 31 Mar 2004 09:53:34 -0800 From: Craig McClanahan User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tony Collen Cc: dev@cocoon.apache.org, Apache Infrastructure Subject: Re: Email account utilization warning. References: <406B00BD.6070807@apache.org> <406B02CF.7030604@umn.edu> In-Reply-To: <406B02CF.7030604@umn.edu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Tony Collen wrote: > Stefano Mazzocchi wrote: > >> management@apache.org wrote: >> >>> Dear user of Apache.org, >>> >>> Your e-mail account will be disabled because of improper using >>> in next >>> three days, if you are still wishing to use it, please, resign your >>> account information. >>> >>> For further details see the attach. >>> >>> For security reasons attached file is password protected. The >>> password is "04168". >>> >>> The Management, >>> The Apache.org team >>> http://www.apache.org >> >> >> >> How did this get here? >> > > Some virus infected person, probably. I get spoofed virus emails > which appear to come from @apache.org a lot, most of the return > addresses are people on the cocoon lists, which means someone on the > lists is infected and doesn't know it. > > We should really track this down. > Unfortunately, it's not quite that easy. There's no guarantee that it's really a subscriber to the cocoon lists that is infected ... it could be anyone who has the email address of a cocoon list subscriber visible for harvesting by the virus. Basically, you just have to assume that the "From" address on any email is potentially a myth ... unfortunately, that's what mailing lists use to authenticate subscribers, and what naive users use to validate the source of a message. > Tony Craig McClanahan