Discussion:
[Emc-users] A phoney from Sourceforge?
Peter Blodow
2017-06-10 07:15:28 UTC
Permalink
Hello Gentlemen,
I just got a message, seemingly from sourceforge (sourceforge at
slashdotmedia.com), litterally mentioning emc-users as my mailing list,
with the urgent wish to confirm my subscription with sourceforge,
otherwise it would be cancelled by June 29th. The link given looks
somehow fishy (starting with sourceforge.net, followed by lots of
numbers and special characters) and contains my email address at the end.

I can't remember having a subscription with sourceforge, or do I need
one in order to participate in this list? I'd rather strongly suppose
this is some sort of spoof to make me contact that link, maybe to
confirm the existence of my email address or make me pick up a virus.
Has anybody else received such a message?

Greetings
Peter Blodow

---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
https://www.avast.com/antivirus
Philipp Burch
2017-06-10 07:52:08 UTC
Permalink
Hi Peter,

I received that message as well, mentioning two mailing lists that I'm subscribed to. From what I can tell, it is valid, since this mailing list (and the other one) is hosted at sourceforge. See also the signature appearing at the end of any message. Should be safe, I think.

Bye,
Philipp

---- Peter Blodow wrote ----
Post by Peter Blodow
Hello Gentlemen,
I just got a message, seemingly from sourceforge (sourceforge at
slashdotmedia.com), litterally mentioning emc-users as my mailing list,
with the urgent wish to confirm my subscription with sourceforge,
otherwise it would be cancelled by June 29th. The link given looks
somehow fishy (starting with sourceforge.net, followed by lots of
numbers and special characters) and contains my email address at the end.
I can't remember having a subscription with sourceforge, or do I need
one in order to participate in this list? I'd rather strongly suppose
this is some sort of spoof to make me contact that link, maybe to
confirm the existence of my email address or make me pick up a virus.
Has anybody else received such a message?
Greetings
Peter Blodow
---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
https://www.avast.com/antivirus
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Emc-users mailing list
https://lists.sourceforge.net/lists/listinfo/emc-users
Erik Christiansen
2017-06-10 08:00:40 UTC
Permalink
Post by Peter Blodow
Hello Gentlemen,
I just got a message, seemingly from sourceforge (sourceforge at
slashdotmedia.com), litterally mentioning emc-users as my mailing list, with
the urgent wish to confirm my subscription with sourceforge, otherwise it
would be cancelled by June 29th. The link given looks somehow fishy
(starting with sourceforge.net, followed by lots of numbers and special
characters) and contains my email address at the end.
Peter, you're right, it is just phishing spam. I had one yesterday too.
Probably everyone on the list has been or will be targeted.

Its attempt to fudge the From: address was pretty pathetic:

From 0100015c8a61ee3f-b287ce06-884f-4e3d-b422-9959bd3bbff1-***@amazonses.com
Fri Jun 9 14:05:02 2017
From: "SourceForge.net" <***@slashdotmedia.com>

If your MUA doesn't show both From addresses naturally, it's worth
discovering how to tickle it when dubious.

Erik
Marcus Bowman
2017-06-10 08:40:42 UTC
Permalink
Yes; I got one too.
I have been subscribed for a long time, and this is the first message of that kind, so I consider it spam/phishing.

Marcus
Post by Erik Christiansen
Post by Peter Blodow
Hello Gentlemen,
I just got a message, seemingly from sourceforge (sourceforge at
slashdotmedia.com), litterally mentioning emc-users as my mailing list, with
the urgent wish to confirm my subscription with sourceforge, otherwise it
would be cancelled by June 29th. The link given looks somehow fishy
(starting with sourceforge.net, followed by lots of numbers and special
characters) and contains my email address at the end.
Peter, you're right, it is just phishing spam. I had one yesterday too.
Probably everyone on the list has been or will be targeted.
Fri Jun 9 14:05:02 2017
If your MUA doesn't show both From addresses naturally, it's worth
discovering how to tickle it when dubious.
Erik
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Emc-users mailing list
https://lists.sourceforge.net/lists/listinfo/emc-users
andy pugh
2017-06-10 09:21:11 UTC
Permalink
Post by Marcus Bowman
Yes; I got one too.
I have been subscribed for a long time, and this is the first message of
that kind, so I consider it spam/phishing.
They already have your email address, that's how they will send this reply
of mine to you. I don't see what else they could be after.

If you don't trust the link then you can always navigate to the admin page
for this mailing list through the route they suggest:
"If you're a registered SourceForge user, you can also confirm your
subscriptions by going to SourceForge, Account Settings, Subscriptions."

Though if you are not registered at Sourceforge, but are only subscribed to
this mailing list, that won't work.
--
atp
"A motorcycle is a bicycle with a pandemonium attachment and is designed
for the especial use of mechanical geniuses, daredevils and lunatics."
— George Fitch, Atlanta Constitution Newspaper, 1916
Cristian Bontas
2017-06-10 09:26:13 UTC
Permalink
Got one too.
But if fake, I don't really get its purpose.
The link seems legit, and the sourceforge.net certificates are valid.
There doesn't seem to be any URL trick, either.
So how would a third party benefit from my subscription reconfirmation?

Any ideas?

Cristian Bontas
Post by Marcus Bowman
Yes; I got one too.
I have been subscribed for a long time, and this is the first message of that kind, so I consider it spam/phishing.
Marcus
Post by Erik Christiansen
Post by Peter Blodow
Hello Gentlemen,
I just got a message, seemingly from sourceforge (sourceforge at
slashdotmedia.com), litterally mentioning emc-users as my mailing list, with
the urgent wish to confirm my subscription with sourceforge, otherwise it
would be cancelled by June 29th. The link given looks somehow fishy
(starting with sourceforge.net, followed by lots of numbers and special
characters) and contains my email address at the end.
Peter, you're right, it is just phishing spam. I had one yesterday too.
Probably everyone on the list has been or will be targeted.
Fri Jun 9 14:05:02 2017
If your MUA doesn't show both From addresses naturally, it's worth
discovering how to tickle it when dubious.
Erik
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Emc-users mailing list
https://lists.sourceforge.net/lists/listinfo/emc-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Emc-users mailing list
https://lists.sourceforge.net/lists/listinfo/emc-users
Erik Christiansen
2017-06-10 10:04:26 UTC
Permalink
Post by Cristian Bontas
Got one too.
But if fake, I don't really get its purpose.
The link seems legit, and the sourceforge.net certificates are valid. There
doesn't seem to be any URL trick, either.
So how would a third party benefit from my subscription reconfirmation?
Any ideas?
The spam came directly from amazonses to my ISP, without going anywhere
near sourceforge:

Received: from a9-46.smtp-out.amazonses.com ([54.240.9.46]) by
ipmailmx06.adl6.internode.on.net with ESMTP; 09 Jun 2017 11:40:00 +0930

Given that some belief has been expressed that sourceforge's owner might
be using a subsidiary to threaten its user base, someone might like to
query the support address given in the mail:

Reply-To: "SourceForge.net Support" <***@slashdotmedia.com>

That appears to be quite legit. But faking the From address makes it
dishonest spam, I figure, as has also been detected by my ISP:

X-SpamDetect: : -7.500000 IronPort SPAM scanned=-10.0, From isn't in
return path=1.1, 'remove' URL contains an email address=1.4

No matter how fine the link and support reply address look, it was
delivered in a dishonest contaminated envelope. And the moronically
highhanded unsubscribing threat does generally not occur in reality.

Erik
Kirk Wallace
2017-06-10 13:54:22 UTC
Permalink
I have been getting similar notices from "Network Solutions"
https://en.wikipedia.org/wiki/Western_false_front_architecture
Subject: Important Message from Network Solutions
Date: Fri, 9 Jun 2017 17:19:21 +0000
From: ***@networksolutions.com <***@drawprecision.c 0m (I
mangled the .com)
See how the Name (without the carets, <>) looks like an e-mail address
but the link is fishy? There were other hints too.

My wild guess is that they are mining network records to create false
fronts in order to get you to use a username and or password or some
layered approach to get one to interact to eventually get there.

I think we all tend to use similar logins for all of our resources if
they can get into your low security login they have a good chance to get
into your bank account.

I forwarded my suspicious messages to:
***@uce.gov
***@antiphishing.org

I don't know if it will do any good.

Be careful out there.

Post by Cristian Bontas
Got one too.
But if fake, I don't really get its purpose.
The link seems legit, and the sourceforge.net certificates are valid. There
doesn't seem to be any URL trick, either.
So how would a third party benefit from my subscription reconfirmation?
Any ideas?
The spam came directly from amazonses to my ISP, without going anywhere
Received: from a9-46.smtp-out.amazonses.com ([54.240.9.46]) by
ipmailmx06.adl6.internode.on.net with ESMTP; 09 Jun 2017 11:40:00 +0930
Given that some belief has been expressed that sourceforge's owner might
be using a subsidiary to threaten its user base, someone might like to
That appears to be quite legit. But faking the From address makes it
X-SpamDetect: : -7.500000 IronPort SPAM scanned=-10.0, From isn't in
return path=1.1, 'remove' URL contains an email address=1.4
No matter how fine the link and support reply address look, it was
delivered in a dishonest contaminated envelope. And the moronically
highhanded unsubscribing threat does generally not occur in reality.
Erik
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Emc-users mailing list
https://lists.sourceforge.net/lists/listinfo/emc-users
--
Kirk Wallace
http://www.wallacecompany.com/machine_shop/
http://www.wallacecompany.com/E45/
Dave Cole
2017-06-10 17:13:00 UTC
Permalink
Hi Guys,

I just got a request to renew my subscription to a totally unrelated
software project on Source Forge.
It was legit. I did not have to log in or anything like that. I
clicked the link and it went to Source Forge and I clicked another thing
saying continue subscription.... That's it. No log in required.

Someone might be phishing under the cover of Source Forge sending out
these other messages, but my request was legit.

Dave
Post by Kirk Wallace
I have been getting similar notices from "Network Solutions"
https://en.wikipedia.org/wiki/Western_false_front_architecture
Subject: Important Message from Network Solutions
Date: Fri, 9 Jun 2017 17:19:21 +0000
mangled the .com)
See how the Name (without the carets, <>) looks like an e-mail address
but the link is fishy? There were other hints too.
My wild guess is that they are mining network records to create false
fronts in order to get you to use a username and or password or some
layered approach to get one to interact to eventually get there.
http://youtu.be/C3rDWENRI7c
I think we all tend to use similar logins for all of our resources if
they can get into your low security login they have a good chance to
get into your bank account.
I don't know if it will do any good.
Be careful out there.
http://youtu.be/_pIkkzDagsY
Post by Cristian Bontas
Got one too.
But if fake, I don't really get its purpose.
The link seems legit, and the sourceforge.net certificates are valid. There
doesn't seem to be any URL trick, either.
So how would a third party benefit from my subscription reconfirmation?
Any ideas?
The spam came directly from amazonses to my ISP, without going anywhere
Received: from a9-46.smtp-out.amazonses.com ([54.240.9.46]) by
ipmailmx06.adl6.internode.on.net with ESMTP; 09 Jun 2017 11:40:00 +0930
Given that some belief has been expressed that sourceforge's owner might
be using a subsidiary to threaten its user base, someone might like to
That appears to be quite legit. But faking the From address makes it
X-SpamDetect: : -7.500000 IronPort SPAM scanned=-10.0, From isn't in
return path=1.1, 'remove' URL contains an email address=1.4
No matter how fine the link and support reply address look, it was
delivered in a dishonest contaminated envelope. And the moronically
highhanded unsubscribing threat does generally not occur in reality.
Erik
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Emc-users mailing list
https://lists.sourceforge.net/lists/listinfo/emc-users
Erik Christiansen
2017-06-10 09:35:38 UTC
Permalink
Post by Marcus Bowman
Yes; I got one too.
I have been subscribed for a long time, and this is the first message
of that kind, so I consider it spam/phishing.
Marcus, you're right - real mailing lists do not threaten exile by ...
date. But beyond theorising, if we just do:

$ whois amazonses.com

we see:

Registrar: MARKMONITOR INC.
...
Referral URL: http://www.markmonitor.com

Now, does that page look like sourceforge, or reek of phish? ;-)

In any event, even if the list is hosted at sourceforge, that would not
give them any subscription denial rights over our members. It is all a
deceitful wank.

Erik
Mark Johnsen
2017-06-10 17:11:34 UTC
Permalink
It looks like they changed their terms and want everyone to re-up on the
new terms.
theman whosoldtheworld
2017-06-10 20:24:44 UTC
Permalink
not really understand these type of problem ... Now since 2004 we are all
labeled with some system ....
soon as we go over the net ... now the thing is much more commercial than
then .... this is true ...
but the fact is known so the problem is As we want our things to become
public and how much we want to track us ...
accaunts connected to the absolute nothing are the best defense we common
mortals we can have. ....
everything else is just theory and above all worrying about this is useless
.... it is outside of our reach ....
unless one of you has a new generation IA that occupies a space Of 5000 sq.
Meters ....
when google launched commerce campaigns the various cognitive meetings at
the pubblic commercial agencies (chambers of commerce all over the world)
explained it very well. Here in my house happened in 2006 (i am in eu) you
will have been successful in the previous year.

bkt
Post by Mark Johnsen
It looks like they changed their terms and want everyone to re-up on the
new terms.
------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Emc-users mailing list
https://lists.sourceforge.net/lists/listinfo/emc-users
Erik Christiansen
2017-06-30 00:11:46 UTC
Permalink
Post by Peter Blodow
Hello Gentlemen,
I just got a message, seemingly from sourceforge (sourceforge at
slashdotmedia.com), litterally mentioning emc-users as my mailing list, with
the urgent wish to confirm my subscription with sourceforge, otherwise it
would be cancelled by June 29th. The link given looks somehow fishy
(starting with sourceforge.net, followed by lots of numbers and special
characters) and contains my email address at the end.
I can't remember having a subscription with sourceforge, or do I need one in
order to participate in this list? I'd rather strongly suppose this is some
sort of spoof to make me contact that link, maybe to confirm the existence
of my email address or make me pick up a virus. Has anybody else received
such a message?
Have just received a second reminder to resubscribe to _our_ list, by
June 30. Taking the plunge, and following the link, I found that it was
not possible to proceed if I deselected acceptance of spam from
sourceforge. Then it wanted me to click on squares on some stupid
graphic. That was far too much bullshit, so we'll see if they cut me
off. If so, it is possible that I'll have a look at resubscribing.

It is, however, depressing when a bunch of wankers think they own an
internet community.

Erik
andy pugh
2017-06-30 08:54:46 UTC
Permalink
Post by Erik Christiansen
Have just received a second reminder to resubscribe to _our_ list, by
June 30. Taking the plunge, and following the link, I found that it was
not possible to proceed if I deselected acceptance of spam from
sourceforge.
No, you are clicking to accept emails from Sourceforge. There isn't much
point being subscribed to a mailing list if it can't send you emails.
--
atp
"A motorcycle is a bicycle with a pandemonium attachment and is designed
for the especial use of mechanical geniuses, daredevils and lunatics."
— George Fitch, Atlanta Constitution Newspaper, 1916
Erik Christiansen
2017-06-30 09:25:24 UTC
Permalink
Post by andy pugh
Post by Erik Christiansen
Have just received a second reminder to resubscribe to _our_ list, by
June 30. Taking the plunge, and following the link, I found that it was
not possible to proceed if I deselected acceptance of spam from
sourceforge.
No, you are clicking to accept emails from Sourceforge. There isn't much
point being subscribed to a mailing list if it can't send you emails.
Hmmm, that's not how I interpreted " I agree to receive correspondence
from SourceForge.net." List traffic is correspondence from list members.
It is in no way correspondence _from_ SourceForge.net. When I receive a
birthday card, it is not from the local mailman, just because he
delivers it.

Erik
Valerio Bellizzomi
2017-06-30 09:50:44 UTC
Permalink
Post by Erik Christiansen
Post by andy pugh
Post by Erik Christiansen
Have just received a second reminder to resubscribe to _our_ list, by
June 30. Taking the plunge, and following the link, I found that it was
not possible to proceed if I deselected acceptance of spam from
sourceforge.
No, you are clicking to accept emails from Sourceforge. There isn't much
point being subscribed to a mailing list if it can't send you emails.
Hmmm, that's not how I interpreted " I agree to receive correspondence
from SourceForge.net." List traffic is correspondence from list members.
It is in no way correspondence _from_ SourceForge.net. When I receive a
birthday card, it is not from the local mailman, just because he
delivers it.
Erik
What's the problem? I just resubscribed and that's all
the spam I get is never from sourceforge
Mark
2017-06-30 12:09:55 UTC
Permalink
Post by Erik Christiansen
Post by andy pugh
Post by Erik Christiansen
Have just received a second reminder to resubscribe to _our_ list, by
June 30. Taking the plunge, and following the link, I found that it was
not possible to proceed if I deselected acceptance of spam from
sourceforge.
No, you are clicking to accept emails from Sourceforge. There isn't much
point being subscribed to a mailing list if it can't send you emails.
Hmmm, that's not how I interpreted " I agree to receive correspondence
from SourceForge.net." List traffic is correspondence from list members.
It is in no way correspondence _from_ SourceForge.net. When I receive a
birthday card, it is not from the local mailman, just because he
delivers it.
Erik
The From: address is lists.sourceforge.net. So you are getting
correspondence from sourceforge.net. It is the email server. The
mailman in this case is the Internet.

Mark
Valerio Bellizzomi
2017-07-05 09:32:50 UTC
Permalink
Post by Erik Christiansen
Post by Peter Blodow
Hello Gentlemen,
I just got a message, seemingly from sourceforge (sourceforge at
slashdotmedia.com), litterally mentioning emc-users as my mailing list, with
the urgent wish to confirm my subscription with sourceforge, otherwise it
would be cancelled by June 29th. The link given looks somehow fishy
(starting with sourceforge.net, followed by lots of numbers and special
characters) and contains my email address at the end.
I can't remember having a subscription with sourceforge, or do I need one in
order to participate in this list? I'd rather strongly suppose this is some
sort of spoof to make me contact that link, maybe to confirm the existence
of my email address or make me pick up a virus. Has anybody else received
such a message?
Have just received a second reminder to resubscribe to _our_ list, by
June 30. Taking the plunge, and following the link, I found that it was
not possible to proceed if I deselected acceptance of spam from
sourceforge. Then it wanted me to click on squares on some stupid
graphic. That was far too much bullshit, so we'll see if they cut me
off. If so, it is possible that I'll have a look at resubscribing.
It is, however, depressing when a bunch of wankers think they own an
internet community.
Erik
I don't understand what is the problem, I have resubscribed, and no spam
at all

Loading...