[TowerTalk] notice from owner

[Greg Troxel]

Dave Sublette <k4to.dave at gmail.com> writes:

> I got an email, allegedly from  this list owner saying I had too many
> bounces and to reconfirm my membership or I would be dropped.  It had links
> enclosed that appeared to take me to the registration page. It also listed
> my password in plain text.
>
> I am suspicious... I have never received any message like this and I have
> been a member for several years.
>
> I will gladly reconfirm if this is valid, but one cannot be too cautious
> these days.

I can't speak for the list owner, but mailman definitely does this, both
sending such messages, and including your super-secret list password in
plain text.  So this is not really a priori very surprising.

You are right to be suspicious of links in incoming mail, and my
approach is to absorb that you should visit the list page from the
email, set the email aside *without using any links in it* and then find
the list page yourself.  You can search, or you can go back over the
messages you have received from the list, which should all have the link
in the footer.  But the big point is not to navigate from received
emails to any site where you log in or enter information.

The thing to beware of is email that looks like it is a link to the
right place but is actually a link to someplace else.  Reading mail in
plain text helps, as does looking at the html manually.  People can
insert things that look like (wrong brackets to prevent html
interpretation):

 [a href=http://evil.site]http://lists.contesting.com[/a]

and mail readers will dutifully display the good address but take you to
the bad one when clicked.

73 de n1dam