|
Title: Suspicious email from Ubitex — scam? Post by: kseistrup on June 23, 2011, 07:24:05 AM Hi,
One hour ago I received a suspicious email, seemingly from Ubitex: Code: Received: by 10.227.27.90 with SMTP id h26cs2325wbc; An unsigned email from “webmaster@localhost” with a password, when the webmaster could have chosen to simply put that information on my account and simply have sent me a signed email with instructions to log in using the usual OpenID pathway? Come on, dude. On the other hand, 91.121.162.25 does seem to be a valid IP address for cryptonomicoin.ubitex.org… Did anyone else receive a similat email? And what is your reaction? Could the Ubitex webmaster please step forward? Cheers, Title: Re: Suspicious email from Ubitex — scam? Post by: cuddlefish on June 23, 2011, 06:29:47 PM Hi, One hour ago I received a suspicious email, seemingly from Ubitex: Code: Received: by 10.227.27.90 with SMTP id h26cs2325wbc; An unsigned email from “webmaster@localhost” with a password, when the webmaster could have chosen to simply put that information on my account and simply have sent me a signed email with instructions to log in using the usual OpenID pathway? Come on, dude. On the other hand, 91.121.162.25 does seem to be a valid IP address for cryptonomicoin.ubitex.org… Did anyone else receive a similat email? And what is your reaction? Could the Ubitex webmaster please step forward? Cheers, This is legitimate. Due to the site structure it's hard to have both OpenID and user/password auth at the same time, so I figured this would suffice. Unfortunately there wasn't a DEFAULT_FROM_EMAIL set so the mail came from 'webmaster@localhost'. Signed? With what key? Title: Re: Suspicious email from Ubitex — scam? Post by: kseistrup on June 23, 2011, 06:57:43 PM This is legitimate. Oh… Due to the barrage of scam emails that one receives daily, an unanswerable email — about a subject that isn't even mentioned on the main site — from ‘webmaster@localhost’ doesn't exactly appear trustworthy. Quote Due to the site structure it's hard to have both OpenID and user/password auth at the same time, so I figured this would suffice. How come you're scrapping OpenID? I, for one, am not interested in maintaining yet another username/password combo, so you're going to lose at least one user. Quote Unfortunately there wasn't a DEFAULT_FROM_EMAIL set so the mail came from 'webmaster@localhost'. And how, pray tell, did you imagine that people would believe that the email was legitimate? Did you expect people to scour the email headers for clues and make DNS lookups? Quote Signed? With what key? Ever heard of PGP (http://en.wikipedia.org/wiki/Pretty_Good_Privacy)/GPG (http://www.gnupg.org/)? The public key, or at least its fingerprint, could be available on the website. As a minimum I'd expect that the matter was mentioned on the website… Thanks for stepping forward, though. Cheers, Title: Re: Suspicious email from Ubitex — scam? Post by: rebuilder on June 23, 2011, 08:04:02 PM Best to assign kseistrup a new random password... I guess you probably already did, just making sure.
Title: Re: Suspicious email from Ubitex — scam? Post by: kseistrup on June 23, 2011, 08:07:43 PM Best to assign kseistrup a new random password... I guess you probably already did, just making sure. Don't worry, I already replaced the one from the email with a random string before posting here. Cheers, Title: Re: Suspicious email from Ubitex — scam? Post by: cuddlefish on June 23, 2011, 08:09:56 PM This is legitimate. Oh… Due to the barrage of scam emails that one receives daily, an unanswerable email — about a subject that isn't even mentioned on the main site — from ‘webmaster@localhost’ doesn't exactly appear trustworthy. Quote Due to the site structure it's hard to have both OpenID and user/password auth at the same time, so I figured this would suffice. How come you're scrapping OpenID? I, for one, am not interested in maintaining yet another username/password combo, so you're going to lose at least one user. Quote Unfortunately there wasn't a DEFAULT_FROM_EMAIL set so the mail came from 'webmaster@localhost'. And how, pray tell, did you imagine that people would believe that the email was legitimate? Did you expect people to scour the email headers for clues and make DNS lookups? Quote Signed? With what key? Ever heard of PGP (http://en.wikipedia.org/wiki/Pretty_Good_Privacy)/GPG (http://www.gnupg.org/)? The public key, or at least its fingerprint, could be available on the website. As a minimum I'd expect that the matter was mentioned on the website… Thanks for stepping forward, though. Cheers, No, I thought there was a default from set. Turns out there wasn't. I'm coming off OpenID because django-socialregistration just isn't nearly flexible enough. I may eventually add it back as a secondary auth. |