[clug] Snowdrift.coop - now email trust and security

Scott Ferguson scott.ferguson.clug at gmail.com
Wed Dec 3 03:16:01 MST 2014 

On 3 December 2014 at 17:04, Eyal Lebedinsky <eyal at eyal.emu.id.au> wrote:
> I owe an explanation:

And I owe an apology for being hasty and curt (tired and overworked).

>
> 1) Links in email are risky as one never knows where it came from and how
> trustworthy the source is.

Yes. Very much agreed.

>    I did recognise the sender name in the "From" and considered it friendly,

With the greatest respect - that can be a mistake. I'd prefer to PGP
sign all my messages - but that often raises storms of protests, and
is somewhat useless in that:-
; many people don't use PGP
; it only establishes the my PGP key has been used to sign the content

I've not only dealt with plenty of incidences where problems have
resulted from people not proving who the are - I've had several cases
where I've been impersonated. I do use DKIM/SPF/DMARC on my mail
servers, as does Google - and PGP signatures, but that doesn't stop
people who don't check those things being misled. I appreciate the
difficulties of list admins in implementing support for email origin
verification (and hope the failing of DKIM/SPF will be fixed soon).

I also understand that the majority use their eyes to determine
trustworthiness on the internet - perhaps I'm over passionate about
trying to encourage them not to.

> however
>
> 2) The Reply-To header raised a flag for me:
>         From: Scott Ferguson <scott.ferguson.clug at gmail.com>
>         To: CLUG List <linux at lists.samba.org>
>>>>     Reply-To: bryan at netspeed.com.au
>
> I thought it was unexpected.

That replyto was only meant to be used for one post, and replaced with
the other one.
I doubt I'm the only one who gets unwanted mail from this list (but I
hope so), of late I've had little time to deal with email though I do
like to help local Linux users, and I've had a lot of unpleasant
anti-systemd emails to my public email addresses (nothing to do with
CLUG subscribers). Hopefully both those situations will change soon
and I can return to just getting mail from the list to this email
address.

> This header is normally not present, and when it is the content provides an alternate address
> for the sender (e.g. I email from work but want replies at home).

That's one example of usage.
It's not uncommonly used as a method to disuade the less-savvy
internet pests on other lists. Especially on those lists where
thousands post via gmane/google lists and the like - or via the
archived version of the list - where the Eternal September/schoolies
CC the poster - or even just reply direct. CC's are not a problem on
this list as I use gmail which won't receive the same email. On many
lists it's a breach of the CoC to re-send offlist posts without
seeking permission from the poster who can't be bothered learning
netiquette.
As is top-posting - aside from making life for those of us who have to
use screen readers difficult - it leads to unintentional (or
intentional) rudeness as it allows ignoring questions, and favors
exchange over discussion in relevant point form.

>
> I also should apologize to the list, I did not mean to criticize or censure,
> just to say that
> one short description will save dozen of people from searching the web. Less
> electrons bothered.
> Saves the planet. World peace. etc.
>
> And yes, I did learn something in the end.
>
> cheers
>         Eyal
>
> On 03/12/14 13:38, Scott Ferguson wrote:
>>
>> On 3 December 2014 at 11:04, Eyal Lebedinsky <eyal at eyal.emu.id.au> wrote:
>>>
>>> With all due respect Scott,
>>
>>
>> With the /greatest/ respect Eyal,
>>
>>>
>>> Unless the post is about a widely understood subject there should be
>>> *some*
>>> hint regarding what the link is about.
>>
>>
>> Really? I guess it's never bother me.
>> Presuming the best intentions and not just a sense of entitlement - I
>> feel the same way about top-posting on lists (it's easier to move the
>> mouse than write a summary for a link to a FOSS project that explains
>> itself).
>> Don't take the wrong way.
>>
>>> I am uneasy clicking on email links that I have no idea about.
>>
>>
>> I'm sorry to hear that.
>> [curious] Is that just email links or links in general - if not the
>> latter, why?
>>
>> I don't understand your problem (I can be a bit thick) - could you
>> expand on that please?
>> Have you considered Googling the link or would the same reasons for
>> your uneasiness still apply?
>> e.g.:-
>>
>> https://www.google.com.au/search?q=https://snowdrift.coop/p/snowdrift/w/en/intro
>>
>> It's a project that may be of interest to FOSS supporters  - that they
>> may not have heard about, for funding projects.
>>
>>
>>>
>>> Even more so when the "Reply-To" header is unrelated to the "From", or am
>>> I
>>> misreading the whole thing?
>>
>>
>> I /assume/ so, short of more explanation for your reasoning - I'm not
>> currently inviting off-list replies due to work-load.
>>
>>>
>>> cheers
>>>          Eyal
>>>
>>> On 03/12/14 10:41, Scott Ferguson wrote:
>>>>
>>>>
>>>> Dear list,
>>>>                  I hope some find this project interesting (and news):-
>>>> https://snowdrift.coop/p/snowdrift/w/en/intro
>>>>
>>>>
>>
>> Kind regards
>>
>> --
>> “One size does not fit all.” ~ Frank Zappa
>>
>
> --
> Eyal Lebedinsky (eyal at eyal.emu.id.au)
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

Kind regards

-- 
“I feel a lot of people don't know what high school is - including those who are
in it. My material is provided to give them some perspective. People are stupid.
They never stop to question things. They just accept. Can you imagine a nation
who never questions the validity of cheerleaders and pom-poms?” ~ Frank Zappa

More information about the linux mailing list