undefined | Better HN

0 pointscrc500215y ago0 comments

You only need to know the owner's email address.

Access to a message or a mailing list post by them won't provide any further advantage.

0 comments

Email address is not enough. This one case was a coincidence.

"We had a specific problem with the way we dealt with SPF records. Dustin didn't set any up, and there was a specific way that Robin Duckett's email server responded that caused us to flag it as a false negative for spoofing."

crc5002OP15y ago

I think he said that: The blog owner's email host did not provide SPF protection; the intruder's email host appended some headers that lured Posterous to classify the email as genuine.

So, having access to the blog owner's email headers would not have provided any additional advantage to the intruder.

j / k navigate · click thread line to collapse