Sean Lynch: > Of course, this is all unglamorous work > that's hard to get volunteers to do > unless they're really passionate Or getting
------------------------------------------------------------------------ -------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> IP address of the sender:85.25.103.119 <http://www.maxmind.com/en/geoip_demo> Message ID= 315861 ------------------------------------------------------------------------ -------------------------------- paid, fucker. ------------------------------------------------------------------------ -------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> Message ID= 315861 ------------------------------------------------------------------------ --------------------------------
This email was sent via Anonymous email service for free.
IP address of the sender:85.25.103.119
One gets what they pay for.... MaxMind=Cloudflare and a guy named Registry Registrant ID: Registrant Name: Thomas Mather Registrant Organization: MaxMind Inc Registrant Street: 14 Spring Street Registrant City: Waltham Registrant State/Province: MA Registrant Postal Code: 02451 Registrant Country: US Registrant Phone: +1.6175004493 Registrant Phone Ext: Registrant Fax: +1.8153018737 Registrant Fax Ext: Registrant Email: http://whois.domaintools.com/maxmind.com "Mr. Thomas J. Mather serves as Founder, Chief Executive Officer, and President at MaxMind, Inc. Before founding MaxMind, Mr. Mather worked as a software engineer at Longitude, where he helped develop a system for parimutuel derivative auctions. His passion lies in improving MaxMind's fraud detection technology." http://www.bloomberg.com/Research/stocks/private/person.asp?personId=114650783&privcapId=114650356&previousCapId=114650356&previousTitle=MaxMind,%20Inc. http://www.longitude.com/en/ Rr On 09/21/2016 03:41 AM, juan wrote:
-------------------------------------------------------------------------------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit. ly/k37rpz> CLICK HERE => <http://bit. ly/k37rpz> IP address of the sender:85. 25. 103. 119 <http://www.maxmind.com/en/geoip_demo> Message ID= 315861 --------------------------------------------------------------------------------------------------------
Sean Lynch: > Of course, this is all unglamorous work > that's hard to get volunteers to do > unless they're really passionate Or getting paid, fucker.
-------------------------------------------------------------------------------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> Message ID= 315861 --------------------------------------------------------------------------------------------------------
I didn't send the message quoted below, so I'm wondering how the spoofing was done this time... -------------------------- On Wed, 21 Sep 2016 13:41:59 +0300 "juan" <juan.g71@gmail.com> wrote:
------------------------------------------------------------------------ -------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> IP address of the sender:85.25.103.119 <http://www.maxmind.com/en/geoip_demo> Message ID= 315861 ------------------------------------------------------------------------ --------------------------------
Sean Lynch: > Of course, this is all unglamorous work > that's hard to get volunteers to do > unless they're really passionate Or getting paid, fucker.
------------------------------------------------------------------------ -------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> Message ID= 315861 ------------------------------------------------------------------------ --------------------------------
Someone bounced it through mail05.parking.ru, probably using the interface at: http://mail05.parking.ru/Login.aspx trivial to forge envelope headers... the list server bitched about the invalid SPF, and also seemed to greylist it, but it still came through X-Greylist: delayed 905 seconds by postgrey-1.34 at mail; Wed, 21 Sep 2016 03:57:33 PDT Received-SPF: Softfail (domain owner discourages use of this host) identity=mailfrom; client-ip=195.128.120.25; helo=mail05.parking.ru; envelope-from=juan.g71@gmail.com; receiver=cypherpunks@lists.cpunks.org Received: from mail05.parking.ru (mail05.parking.ru [195.128.120.25]) by pglaf.org (Postfix) with ESMTP id A35D611C0539 for <cypherpunks@lists.cpunks.org>; Wed, 21 Sep 2016 03:57:33 -0700 (PDT) Received: from web38 [195.128.121.111] by mail05.parking.ru with SMTP; Wed, 21 Sep 2016 13:41:59 +0300 John On Wed, Sep 21, 2016 at 04:10:59PM -0300, juan wrote:
I didn't send the message quoted below, so I'm wondering how the spoofing was done this time...
--------------------------
On Wed, 21 Sep 2016 13:41:59 +0300 "juan" <juan.g71@gmail.com> wrote:
------------------------------------------------------------------------ -------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> IP address of the sender:85.25.103.119 <http://www.maxmind.com/en/geoip_demo> Message ID= 315861 ------------------------------------------------------------------------ --------------------------------
Sean Lynch: > Of course, this is all unglamorous work > that's hard to get volunteers to do > unless they're really passionate Or getting paid, fucker.
------------------------------------------------------------------------ -------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> Message ID= 315861 ------------------------------------------------------------------------ --------------------------------
I'll note in the headers for the forged message: Received: from pglaf.org ([127.0.0.1]) by localhost (mail.pglaf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q3dJbRQr1ULg for <cypherpunks@lists.cpunks.org>; Wed, 21 Sep 2016 03:57:34 -0700 (PDT) X-Greylist: delayed 905 seconds by postgrey-1.34 at mail; Wed, 21 Sep 2016 03:57:33 PDT Received-SPF: Softfail (domain owner discourages use of this host) identity=mailfrom; client-ip=195.128.120.25; helo=mail05.parking.ru; envelope-from=juan.g71@gmail.com; receiver=cypherpunks@lists.cpunks.org Received: from mail05.parking.ru (mail05.parking.ru [195.128.120.25]) by pglaf.org (Postfix) with ESMTP id A35D611C0539 for <cypherpunks@lists.cpunks.org>; Wed, 21 Sep 2016 03:57:33 -0700 (PDT) Received: from web38 [195.128.121.111] by mail05.parking.ru with SMTP; Wed, 21 Sep 2016 13:41:59 +0300 The originating smtp relay server was apparently mail05.parking.ru. The Received-SPF (presumably from pglaf.org, the cypherpunks list host) grey listed the message due to an SPF fail, instead of rejecting the message, which would have prevented this message from being distributed to the list. On 09/21/16 16:10 -0300, juan wrote:
I didn't send the message quoted below, so I'm wondering how the spoofing was done this time...
Sean Lynch: > Of course, this is all unglamorous work > that's hard to get volunteers to do > unless they're really passionate Or getting paid, fucker.
------------------------------------------------------------------------ -------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> Message ID= 315861 ------------------------------------------------------------------------ --------------------------------
-- Dan White
On 09/21/2016 12:25 PM, Dan White wrote:
I'll note in the headers for the forged message:
Received: from pglaf.org ([127.0.0.1]) by localhost (mail.pglaf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q3dJbRQr1ULg for <cypherpunks@lists.cpunks.org>; Wed, 21 Sep 2016 03:57:34 -0700 (PDT) X-Greylist: delayed 905 seconds by postgrey-1.34 at mail; Wed, 21 Sep 2016 03:57:33 PDT Received-SPF: Softfail (domain owner discourages use of this host) identity=mailfrom; client-ip=195.128.120.25; helo=mail05.parking.ru; envelope-from=juan.g71@gmail.com; receiver=cypherpunks@lists.cpunks.org Received: from mail05.parking.ru (mail05.parking.ru [195.128.120.25]) by pglaf.org (Postfix) with ESMTP id A35D611C0539 for <cypherpunks@lists.cpunks.org>; Wed, 21 Sep 2016 03:57:33 -0700 (PDT) Received: from web38 [195.128.121.111] by mail05.parking.ru with SMTP; Wed, 21 Sep 2016 13:41:59 +0300
The originating smtp relay server was apparently mail05.parking.ru. The Received-SPF (presumably from pglaf.org, the cypherpunks list host) grey listed the message due to an SPF fail, instead of rejecting the message, which would have prevented this message from being distributed to the list.
On 09/21/16 16:10 -0300, juan wrote:
I didn't send the message quoted below, so I'm wondering how the spoofing was done this time...
Sean Lynch: > Of course, this is all unglamorous work > that's hard to get volunteers to do > unless they're really passionate Or getting paid, fucker.
------------------------------------------------------------------------ -------------------------------- This email was sent via Anonymous email service for free. YOU CAN REMOVE THIS TEXT MESSAGE BY BEING A PAID MEMBER FOR $19/year. <http://bit.ly/k37rpz> CLICK HERE => <http://bit.ly/k37rpz> Message ID= 315861 ------------------------------------------------------------------------ --------------------------------
I accidentally spoofed pglaf.org one day mailing to this list just a short while back by using Thunderbird > "Edit as new" on an older message sent from another address at pglaf.org. I wiped the From: field and inserting my correct email at riseup. It appeared to be delivered from my correct username@pglaf.org. Rr
participants (4)
-
Dan White -
John Newman -
juan -
Razer