My "spoof" email was apparently genuine. The person who sent it has no idea how much he got wrong with the request.
On Thu, Sep 24, 2020 at 12:44 PM Seymour J Metz <sme...@gmu.edu> wrote: > That's not reliable either, and there are many different ways of being > flawed, some more serious than others. The model that you proposed is > deeply flawed for anybody that doesn't have a closed set of correspondents > using an identical security model. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > > ________________________________________ > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf > of CM Poncelet <ponce...@bcs.org.uk> > Sent: Wednesday, September 23, 2020 9:10 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Caution: "Hacked" email caused the distribution of a > potentially harmful attachment > > All software filters are fundamentally flawed, because they presume to > recognize and 'understand' what is or not SPAM - which is logically > impossible. The only reliable filter is the hardware one, which assumes > by default that every received email is SPAM *unless* a message filter > rule says it is legitimate. That is how ACF2 enforced security - by > denying any access to a resource unless an ACF rule permitted it. > > > > On 22/09/2020 23:14, Seymour J Metz wrote: > > The commercial filters are mostly broken in all sorts of fascinating > ways. If it's an option your best choice is to find a provider competent to > select or write decent filters. > > > > > > -- > > Shmuel (Seymour J.) Metz > > http://mason.gmu.edu/~smetz3 > > > > > > ________________________________________ > > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on > behalf of Charles Mills <charl...@mcn.org> > > Sent: Tuesday, September 22, 2020 5:25 PM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: Caution: "Hacked" email caused the distribution of a > potentially harmful attachment > > > > The commercial e-mail malware filters watch for e-mail where the "from" > address and the headers do not match. > > > > They did not used to. The *SPAM* filters watched for the mis-match, but > not the malware filters. The notorious RSA hack began with a spear-phishing > e-mail with an attachment of an Excel spreadsheet containing a zero-day > exploit. RSA's SPAM filter caught it! However, two enterprising employees > dragged the e-mail out of their SPAM folder and opened it and the attached > spreadsheet. > > > > Ever since then the malware filter publishers have been watching for > this mismatch and treating it as potential malware rather than merely > potential SPAM. > > > > Charles > > > > > > -----Original Message----- > > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of CM Poncelet > > Sent: Tuesday, September 22, 2020 2:05 PM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: Caution: "Hacked" email caused the distribution of a > potentially harmful attachment > > > > Hence, check your trash/deleted folder and then create message filters > > for any legitimate emails it contains, then run your message filters > > against your trash/deleted folder to move the legitimate emails out of > > there and into your "Inbox" folder or whatever other appropriate folders > > - and these legitimate emails will then no longer be trapped as > > spam/scam emails. What these 'not spam/scam' message filters should > > contain and check for is up to you. > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > . > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Wayne V. Bickerdike ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
