Author

Topic: . (Read 2187 times)

legendary
Activity: 1288
Merit: 1227
Away on an extended break
.
August 15, 2013, 10:44:27 AM
#20
PS: Can you post the entire email header here (taking out your email addy if you want)


LOL. Theymos sounds like my Nigerian prince promising me my own island!
Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android

What? Huh

I'm afraid you missed a joke...

Oops, was too tired when I posted this. Tongue
donator
Activity: 1419
Merit: 1015
August 15, 2013, 10:20:50 AM
#19
Quote
Received: from wl23-f168.wedos.net (wl23-f168.wedos.net. [2a02:2b88:1:4::27])
        by mx.google.com with ESMTPS id t9si28084548eeo.35.2013.08.12.08.32.26
        for <[email protected]>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Mon, 12 Aug 2013 08:32:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 2a02:2b88:1:4::27 as permitted sender) client-ip=2a02:2b88:1:4::27;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of [email protected] designates 2a02:2b88:1:4::27 as permitted sender) [email protected]

Why is Google accepting a random IPv6 address as a legitimate sender for @bitcointalk.org when the spf record for bitcointalk.org only designates its MX servers (presumably IPv4 addresses) as valid?

Bitcointalk.org SPF:
Quote
v=spf1 mx a ~all

For what its worth, I didn't receive this email and I've checked my spam folders to verify.

Maybe this is an argument for going back to doing a hard fail using "-all" instead of the soft fail on "~all".

It's weird Google doesn't even consider this email the least bit suspicious though. It just says "spf-pass" like there's nothing wrong, using wedos.net as the authenticating domain even though the Reply-To: and From: are clearly from a domain NOT associated with wedos.net.
legendary
Activity: 858
Merit: 1000
August 15, 2013, 08:42:30 AM
#18
I wish donator stats were that cheap.  Tongue
sr. member
Activity: 252
Merit: 250
August 15, 2013, 02:38:04 AM
#17
I didn't realize we could contact theymos by email! (not that I would ever have occasion to)
legendary
Activity: 1526
Merit: 1134
August 13, 2013, 08:54:34 AM
#16
There's a simple way to shut down this kind of phish: implement DKIM and DMARC.

Firstly, you make sure all mail being sent by bitcointalk.org is DKIM signed. It just boils down to configuring your SMTP server and DNS, more or less. Then all mail is cryptographically signed automatically.

Secondly, add another DNS TXT record that specifies a DMARC policy:

http://www.dmarc.org/overview.html

That tells mail engines that understand the protocol that bitcointalk.org should only be sending DKIM signed mail. You can also request reporting. Once you have that configured, compliant mail systems (like gmail and yahoo mail) can be told to automatically spamfolder any forged mail and mail a copy back to you, so you find out about phishing attempts immediately.

legendary
Activity: 1511
Merit: 1072
quack
August 12, 2013, 11:47:09 PM
#15
PS: Can you post the entire email header here (taking out your email addy if you want)


LOL. Theymos sounds like my Nigerian prince promising me my own island!
Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android

What? Huh

I'm afraid you missed a joke...
vgo
legendary
Activity: 2072
Merit: 1019
August 12, 2013, 05:42:54 PM
#14
I've received in Gmail.
Because your email is on your profile.

Obvious.
legendary
Activity: 1274
Merit: 1004
August 12, 2013, 05:06:43 PM
#13
I've received in Gmail.
Because your email is on your profile.
vgo
legendary
Activity: 2072
Merit: 1019
August 12, 2013, 04:41:47 PM
#12
I've received in Gmail.
legendary
Activity: 1274
Merit: 1004
August 12, 2013, 01:04:54 PM
#11
If it's a mass mail, someone should send 0.00000001 without fees to that address with a warning note like "IT'S A SCAM" and this thread's link. Grin
administrator
Activity: 5222
Merit: 13032
August 12, 2013, 01:01:43 PM
#10
Surprisingly, no one tried actually replying to the email. If they had, they would have reached me. (This is not a good way of contacting me, though -- I may disable [email protected] in the future.)
qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
August 12, 2013, 12:52:35 PM
#9
That's one of the reasons why I'd not recommend making your email address public on a web forum.
IT just makes you an easy target for SCAM-SPAM.


CONTRIBUTOR BENEFITS
- 0.1+ BTC = Donors crown before nick (everywhere your username is shown)

A Donator's crown would suit me nice, though Cheesy

And while I'm dreaming, I'd like to have a pony.
administrator
Activity: 5222
Merit: 13032
August 12, 2013, 12:43:29 PM
#8
No, I didn't send that.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
August 12, 2013, 12:00:19 PM
#7
Simple address spoof; not legitimate.

Also the forum is drowning in BTC right now.
legendary
Activity: 2786
Merit: 1031
August 12, 2013, 11:59:58 AM
#6
I haven't receive it (yet), people who receive this email have their email address made public? Any reports of a database compromised or BitcoinTalk?
legendary
Activity: 1288
Merit: 1227
Away on an extended break
August 12, 2013, 11:09:28 AM
#5
PS: Can you post the entire email header here (taking out your email addy if you want)


LOL. Theymos sounds like my Nigerian prince promising me my own island!
Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android

What? Huh
Jan
legendary
Activity: 1043
Merit: 1002
August 12, 2013, 11:07:35 AM
#4
LOL. Theymos sounds like my Nigerian prince promising me my own island!
Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android
legendary
Activity: 1288
Merit: 1227
Away on an extended break
August 12, 2013, 10:57:52 AM
#3
LOL. Theymos sounds like my Nigerian prince promising me my own island!
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
August 12, 2013, 10:54:01 AM
#2
No.
legendary
Activity: 952
Merit: 1000
August 12, 2013, 10:52:49 AM
#1
.
Jump to: