Bitcoin Forum

Other => Meta => Topic started by: ingrownpocket on August 12, 2013, 03:52:49 PM



Title: .
Post by: ingrownpocket on August 12, 2013, 03:52:49 PM
.


Title: Re: Email from theymos?
Post by: BurtW on August 12, 2013, 03:54:01 PM
No.


Title: Re: Email from theymos?
Post by: John (John K.) on August 12, 2013, 03:57:52 PM
LOL. Theymos sounds like my Nigerian prince promising me my own island!


Title: Re: Email from theymos?
Post by: Jan on August 12, 2013, 04:07:35 PM
LOL. Theymos sounds like my Nigerian prince promising me my own island!
Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android


Title: Re: Email from theymos?
Post by: John (John K.) on August 12, 2013, 04:09:28 PM
PS: Can you post the entire email header here (taking out your email addy if you want)


LOL. Theymos sounds like my Nigerian prince promising me my own island!
Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android

What? ???


Title: Re: Email from theymos?
Post by: pedrog on August 12, 2013, 04:59:58 PM
I haven't received it (yet), people who receive this email have their email address made public? Any reports of a database compromised or BitcoinTalk?


Title: Re: Email from theymos?
Post by: nimda on August 12, 2013, 05:00:19 PM
Simple address spoof; not legitimate.

Also the forum is drowning in BTC right now.


Title: Re: Email from theymos?
Post by: theymos on August 12, 2013, 05:43:29 PM
No, I didn't send that.


Title: Re: Email from theymos?
Post by: qwk on August 12, 2013, 05:52:35 PM
That's one of the reasons why I'd not recommend making your email address public on a web forum.
It just makes you an easy target for SCAM-SPAM.


CONTRIBUTOR BENEFITS
- 0.1+ BTC = Donors crown before nick (everywhere your username is shown)

A Donator's crown would suit me nice, though :D

And while I'm dreaming, I'd like to have a pony.


Title: Re: Email from theymos?
Post by: theymos on August 12, 2013, 06:01:43 PM
Surprisingly, no one tried actually replying to the email. If they had, they would have reached me. (This is not a good way of contacting me, though -- I may disable theymos@bitcointalk.org in the future.)


Title: Re: Email from theymos?
Post by: escrow.ms on August 12, 2013, 06:04:54 PM
If it's a mass mail, someone should send 0.00000001 without fees to that address with a warning note like "IT'S A SCAM" and this thread's link. ;D


Title: Re: Email from theymos?
Post by: vgo on August 12, 2013, 09:41:47 PM
I've received it in Gmail.


Title: Re: Email from theymos?
Post by: escrow.ms on August 12, 2013, 10:06:43 PM
I've received it in Gmail.
Because your email is on your profile.


Title: Re: Email from theymos?
Post by: vgo on August 12, 2013, 10:42:54 PM
I've received it in Gmail.
Because your email is on your profile.

Obvious.


Title: Re: Email from theymos?
Post by: Anduck on August 13, 2013, 04:47:09 AM
PS: Can you post the entire email header here (taking out your email addy if you want)


LOL. Theymos sounds like my Nigerian prince promising me my own island!
Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android

What? ???

I'm afraid you missed a joke...


Title: Re: Email from theymos?
Post by: Mike Hearn on August 13, 2013, 01:54:34 PM
There's a simple way to shut down this kind of phish: implement DKIM and DMARC.

Firstly, you make sure all mail being sent by bitcointalk.org is DKIM signed. It just boils down to configuring your SMTP server and DNS, more or less. Then all mail is cryptographically signed automatically.

Secondly, add another DNS TXT record that specifies a DMARC policy:

http://www.dmarc.org/overview.html

That tells mail engines that understand the protocol that bitcointalk.org should only be sending DKIM signed mail. You can also request reporting. Once you have that configured, compliant mail systems (like gmail and yahoo mail) can be told to automatically spamfolder any forged mail and mail a copy back to you, so you find out about phishing attempts immediately.



Title: Re: Email from theymos?
Post by: WuLabsWuTecH on August 15, 2013, 07:38:04 AM
I didn't realize we could contact theymos by email! (not that I would ever have occasion to)


Title: Re: Email from theymos?
Post by: HeroC on August 15, 2013, 01:42:30 PM
I wish donator stats were that cheap.  :P


Title: Re: Email from theymos?
Post by: Raize on August 15, 2013, 03:20:50 PM
Quote
Received: from wl23-f168.wedos.net (wl23-f168.wedos.net. [2a02:2b88:1:4::27])
        by mx.google.com with ESMTPS id t9si28084548eeo.35.2013.08.12.08.32.26
        for <info@carloslago.com>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Mon, 12 Aug 2013 08:32:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of w32382@wedos.net designates 2a02:2b88:1:4::27 as permitted sender) client-ip=2a02:2b88:1:4::27;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of w32382@wedos.net designates 2a02:2b88:1:4::27 as permitted sender) smtp.mail=w32382@wedos.net

Why is Google accepting a random IPv6 address as a legitimate sender for @bitcointalk.org when the spf record for bitcointalk.org only designates its MX servers (presumably IPv4 addresses) as valid?

Bitcointalk.org SPF:
Quote
v=spf1 mx a ~all

For what it's worth, I didn't receive this email and I've checked my spam folders to verify.

Maybe this is an argument for going back to doing a hard fail using "-all" instead of the soft fail on "~all".

It's weird Google doesn't even consider this email the least bit suspicious though. It just says "spf-pass" like there's nothing wrong, using wedos.net as the authenticating domain even though the Reply-To: and From: are clearly from a domain NOT associated with wedos.net.
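
Added example (not part of any post in this thread): a Python check of DMARC identifier alignment, the mechanism behind the DKIM/DMARC suggestion earlier in the thread, run against the Authentication-Results header quoted in the preceding post. SPF there is evaluated for the envelope sender (`smtp.mail`), so it passes for wedos.net regardless of what the From: header claims. The From: address, the DMARC record and the function names are assumptions for illustration, and the organizational-domain rule is simplified to the last two labels.

```python
import re

# Constructed sample input. AUTH_RESULTS is modelled on the header quoted in the
# post above; HEADER_FROM is assumed from the thread; DMARC_RECORD is hypothetical.
AUTH_RESULTS = ("mx.google.com; spf=pass (google.com: best guess record for "
                "domain of w32382@wedos.net designates 2a02:2b88:1:4::27 as "
                "permitted sender) smtp.mail=w32382@wedos.net")
HEADER_FROM = "theymos <theymos@bitcointalk.org>"
DMARC_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.org"


def org_domain(domain):
    """Simplified organizational domain: the last two labels.
    Real implementations consult the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_auth_results(value):
    """Return [(method, result, authenticated_domain)] for spf and dkim entries."""
    value = re.sub(r"\([^()]*\)", "", value)      # drop parenthesised comments
    found = []
    for part in value.split(";")[1:]:             # first field is the authserv-id
        method = re.match(r"\s*(spf|dkim)=(\w+)", part)
        if not method:
            continue
        prop = re.search(r"(?:smtp\.mail(?:from)?|header\.[di])=(\S+)", part)
        domain = prop.group(1).rsplit("@", 1)[-1].lower() if prop else ""
        found.append((method.group(1), method.group(2).lower(), domain))
    return found


def dmarc_verdict(auth_results, header_from, dmarc_record):
    """'pass' if any passing SPF/DKIM domain aligns (relaxed) with the From:
    domain; otherwise the disposition requested by the record's p= tag."""
    from_domain = header_from.rsplit("@", 1)[-1].strip("> ").lower()
    for _method, result, domain in parse_auth_results(auth_results):
        if result == "pass" and domain and org_domain(domain) == org_domain(from_domain):
            return "pass"
    tags = dict(t.strip().split("=", 1) for t in dmarc_record.split(";") if "=" in t)
    return tags.get("p", "none")


if __name__ == "__main__":
    print(parse_auth_results(AUTH_RESULTS))
    print(dmarc_verdict(AUTH_RESULTS, HEADER_FROM, DMARC_RECORD))
```

With a record of `p=none` the same call returns `none`: the message is delivered normally even though the SPF-authenticated domain differs from the From: domain.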


Title: Re: Email from theymos?
Post by: John (John K.) on August 15, 2013, 03:44:27 PM
PS: Can you post the entire email header here (taking out your email addy if you want)


LOL. Theymos sounds like my Nigerian prince promising me my own island!
Hey you got the same donation address as me. Must be a coincidence related to the bad random generator on Android

What? ???

I'm afraid you missed a joke...

Oops, was too tired when I posted this. :P