[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Wed, Jun 12, 2013 at 6:07 PM, Simon Avery wrote: > From addresses in my examples were faked, not the rest of the headers. John's email that started this thread was sent from Yahoo's servers, while the From address is a @btinternet address. That doesn't mean that it's faked, it just means that BT currently uses Yahoo for email. Are you sure something like that wasn't the case? (Not sure about Yahoo, but I can use Gmail's interface to send mail 'from' any email account I control.) We still don't know what kind of vulnerability Yahoo has, but the instances I've seen (like with my account) suggested that someone had access to my account rather than merely to their servers. > That it happens with yahoo more than any other provider but quite > a significant margin (non-researched, experience only), tells me something > major is wrong there. I did do such research and showed that Yahoo does have a major issue. http://www.virusbtn.com/news/2013/02_21.xml > and they don't appear to be doing a damned thing to stop it. (And > yes, I have filed abuse reports) I don't think abuse reports help against a vulnerability, other than make the company more aware of it. Yahoo is big, and a mess. But if it were something they knew how to solve, they'd do it. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq