Fedora 20 updates-testing report
Adam Williamson
awilliam at redhat.com
Mon Oct 7 19:56:46 UTC 2013
On Tue, 2013-10-08 at 00:14 +0800, Christopher Meng wrote:
> Your mail:
>
> The sender's account may have been compromised and used to send
> malicious messages. If this message seems suspicious, let us know and
> then alert the sender as well (in some way other than email).
Well, that's kind of a weird message. updates at fedoraproject isn't really
an 'account', just a sender identity. As we all know, those are trivial
to forge (at least superficially). fedoraproject.org does not implement
SPF or DKIM so far as I can see, so it's not as if google could see that
spam that appeared to be coming from updates at fp.o had been DKIM signed
or passed SPF checks, the only way it could really safely come to the
conclusion that a legitimate sending mechanism had actually been
compromised rather than simply someone spoofing the from address,
really. I'm inclined to blame Google, unless I'm missing something.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin DOT net
http://www.happyassassin.net
More information about the test
mailing list