On Thu, 13 Oct 2011 17:51:24 PDT, "andrew.wallace" said: > I'm not moderated, I was completely brick walled. I rely on the industry to > post my stuff on my behalf. Let's see. "not moderated, completely brick walled". How well does that hold up? The note you replied to left the full-disclosure site at this time: Received: from lists.grok.org.uk (EHLO lists.grok.org.uk) ([77.66.26.37]) by zidane.cc.vt.edu (MOS 4.2.2-FCS FastPath queued) with ESMTP id QWF63339; Thu, 13 Oct 2011 17:40:50 -0400 (EDT) Received: from lists.grok.org.uk (localhost [127.0.0.1]) by lists.grok.org.uk (Postfix) with ESMTP id B28BF3D3; Thu, 13 Oct 2011 22:40:46 +0100 (BST) The timestamp on zidane is reliable, it's NTP synced. So I have a high degree of confidence that the following line (4 seconds before) is also a reliable timestamp of when Postfix enqueued Byron's mail. So pretty much nobody should be in posession of a copy much before that timestamp. Your reply stating the list was moderated has: Received: from localhost (localhost [127.0.0.1]) by rikku.cc.vt.edu (MOS 3.10.10a-GA) id LLD06213; Thu, 13 Oct 2011 17:44:34 -0400 (EDT) Received: from steiner.cc.vt.edu (steiner.cc.vt.edu [198.82.163.51]) by rikku.cc.vt.edu (MOS 3.10.10a-GA) with ESMTP id LLD06212; Thu, 13 Oct 2011 17:44:33 -0400 (EDT) (a few omitted) Received: (qmail 73517 invoked by uid 60001); Thu, 13 Oct 2011 21:44:32 +0000 Received: from [82.40.88.173] by web59615.mail.ac4.yahoo.com via HTTP; Thu, 13 Oct 2011 14:44:32 -0700 (PDT) X-mailer: YahooMailWebService/0.8.114.317681 Message-id: <1318542272.69082.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxx> So you replied to it from Yahoo a whole 3 minutes and 46 seconds after it was posted, which means that you had a copy even earlier (given that it takes at least a little time to compose and send a reply in Yahoo's webmail interface - even longer if the message isn't in a Yahoo mailbox already (this becomes relevant further on). Now how could this have come to pass? Conclusion: One of the following explanations of how you got a copy is true: 0) The message doesn't show any cc: fields, but Byron *could* have included a Bcc: field to include you, or somebody else who then followed step (2) below. Personally, I'm doubtful, as there's no obvious *reason* for Byron to have done so on this particular message (in particular, no reason to have used a bcc: instead of a cc:) But I'll let him speak to that himself. There's also the minor breach of netiquette of replying to a bcc:'ed note, thus revealing the fact you were on the bcc:. Overall likelyhood: Doubtful. 1) You have control of an account that is subscribed to the list (and thus receives messages) that eventually ends up at Yahoo, but are unable to post from that address, and did a "reply" the instant it showed up in your Yahoo mailbox. This goes somewhat against your claim that you're totally "brick walled". But other than that, it holds up remarkably well. Plenty of time to get a "You have new mail" notification, open it, pop in a one-line reply, and hit send. 1a) Some address is subscribed to the list, and acting as a "list exploder" by forwarding to multiple addresses not on the original list, including an address you control at Yahoo. Fairly unlikely, as these have fallen out of favor in the last few years, precisely because the semantics of "reply" and bounce messages through a list exploder are very hard to get right (this is only easy to do in walled-garden scenarios like an Exchange cluster where you control the horizontal and vertical - once you let an outside MUA like YahooMail get involved, it goes pear-shaped very quickly). 2) Somebody else received the post, thought of you, forwarded it to you so you could receive it, and you replied to it, all within less than 4 minutes. If so, please speak to the person you received it from, as their forward incorrectly re-used this from Byron's post: Message-id: <4E975936.9010507@xxxxxxxxx> resulting in your message containing this: In-reply-to: <4E975936.9010507@xxxxxxxxx> See RFC5322, section 3.6.4 for details. Manual forwarding of a message is quite clearly a "new" message, so the Message-ID: should be regenerated. Since the vast majority of MUA's get this right, I rank this as low-probability. 3) You spend *far* too much time hitting refresh on list archive web pages and then hand-composing a reply into Yahoo Mail. Congrats on figuring out how to get Yahoo Mail to include the In-Reply-To: header, that takes some doing. 4) You have some other reasonable explanation of how you came to be in posession of a copy just a few minutes after it was posted. Overall: (1) is highly likely, (3) is very sad if true, jury's still out on (4) till we hear something plausible, rest are unlikely.
Attachment:
pgpU3xH6o4_Kw.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/