LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: message from a strange address on a listserv

Hal Keen <[log in to unmask]>

Mon, 25 Jun 2018 17:25:54 -0500

text/plain (53 lines)

Russ,

> I had a message posted to a list I own that was clearly spam, or a
> phishing expedition. It was identified as from a subscriber, but when I
> looked to see the return address, it was "on behalf of" this:
>
> [log in to unmask]

This is a replacement address generated by Listserv because some
domains--including Yahoo, I believe--have set up DMARC instructions that
obstruct delivery through lists of any messages that originate in those
domains. This address is not particularly helpful, but it is legitimate.

> In the list archive, it's identified as coming from his actual address, on
> yahoo. He didn't send it, for sure. The message content is simply a link,
> to a company which does seem to exist but which looks, um, questionable to
> me.

Yahoo committed some cardinal sins regarding security of user accounts, some
time ago. They allowed some accounts to be taken over by spammers, unless
the real owners acted quickly to change their passwords. And they weren't
very timely in notifying the users, either.

When you say "He didn't send it, for sure," are you basing that on your
confidence in the subscriber, or on actual communication with him? Not that
I doubt the basis for your confidence, but it's possible his entire
subscribed account is no longer under his control. I would at least put that
subscription on REVIEW until that question is settled.

> I'm not sure where the "on behalf of" information comes from; it might be
> Outlook, which is the mail program I've been reduced to using, and which I
> detest, partly because it hides actual email addresses.

I've seen the "on behalf of" labeling at times, but I'm not certain where
it's generated. Perhaps someone else can enlighten us.

> Has anyone else encountered something like this?

The sole spam message ever delivered by one of my lists, in the 14 years
since our conversion to Listserv, originated from a Yahoo account taken over
by a spammer. Other than the DMARC-circumventing dummy address, which is now
normal for messages from Yahoo, the situation seems similar.

Hal Keen


############################

To unsubscribe from the LSTOWN-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTOWN-L&A=1

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM