Odd msg received from list

[Verde Denim]

I got an odd message this morning from the list telling me that my
account was de-activated due to excessive bounces. I've only sent a
handful of messages to this board, but do read an awful lot of the posts
in order to learn more about the language. The message also listed my
account password, which I found odd. Has anyone else received a message
like this?

--
Regards

Jack
Boston Tea Party, Coercive Acts, Powder Alarm, Revolution
Lessons (Mistakes) not learned are bound to be repeated.

 

[Roy Smith]

I got an odd message this morning from the list telling me that my
account was de-activated due to excessive bounces. I've only sent a
handful of messages to this board, but do read an awful lot of the posts
in order to learn more about the language. The message also listed my
account password, which I found odd. Has anyone else received a message
like this?

This sounds like a variation of a classic phishing scam. You get an
email which looks official, telling you that some account you have has
been suspended because you need to verify some information. The wording
of the message is always vague about exactly what account this is.

Don't click on any of the links. At best, they're harvesting email
addresses. At worst, they're harvesting personal information which can
be used for identity theft, credit card fraud, or all sorts of
malfeasance.

Here's some recent examples from my junk mailbox:

Attention User;
Your email Quota is almost exceeded. We are currently doing a maintenance on
our server. Please, Visit page below to update your account and avoid losing
your inbox.
 
[link elided]

Thank you,
Technical Team

and another:

 

[Chris Angelico]

This sounds like a variation of a classic phishing scam. You get an
email which looks official, telling you that some account you have has
been suspended because you need to verify some information. The wording
of the message is always vague about exactly what account this is.

Don't click on any of the links. At best, they're harvesting email
addresses. At worst, they're harvesting personal information which can
be used for identity theft, credit card fraud, or all sorts of
malfeasance.

I agree in general, but I happen to be pretty familiar with Mailman
alerts, and this one was genuine. Also, it pointed to what does appear
to be the right address (mail.python.org). There's definitely
something going around that's causing problems for gmail users; maybe
spam is getting bounced/rejected instead of being dropped?

ChrisA

 

[Gisle Vanem]

I agree in general, but I happen to be pretty familiar with Mailman
alerts, and this one was genuine. Also, it pointed to what does appear
to be the right address (mail.python.org). There's definitely
something going around that's causing problems for gmail users;

It happended to me too. And I'm a Yahoo user. I clicked the MailMan
confirmation link and all emails seems to be received now (comparing
to what's on the NNTP group).

--gv

 

[Gregory Ewing]

The message also listed my
account password, which I found odd.

You mean the message contained your actual password,
in plain text? That's not just odd, it's rather worrying
for at least two reasons. First, what business does a
message like that have carrying a password, and second,
it means the server must be keeping passwords in a
readable form somewhere, which is a really bad idea.

 

[Chris “Kwpolska†Warrick]

You mean the message contained your actual password,
in plain text? That's not just odd, it's rather worrying
for at least two reasons. First, what business does a
message like that have carrying a password, and second,
it means the server must be keeping passwords in a
readable form somewhere, which is a really bad idea.

From the info page at https://mail.python.org/mailman/listinfo/python-list:

 

[Verde Denim]

Chris
Yes, I mean precisely that. The password was sent to me in the body of
the message in plaintext. That is what has me very concerned about the
list and its ability to protect private information.

Regards

Jack

From the info page at https://mail.python.org/mailman/listinfo/python-list:

--
Regards

Jack
Boston Tea Party, Coercive Acts, Powder Alarm, Revolution
Lessons (Mistakes) not learned are bound to be repeated.

 

[Chris Angelico]

Chris
Yes, I mean precisely that. The password was sent to me in the body of
the message in plaintext. That is what has me very concerned about the
list and its ability to protect private information.

The list specifically told you not to use a valuable password In
fact, a password is completely optional - it's just an alternative to
always having to do a click-through.

ChrisA

 

[Verde Denim]

The list specifically told you not to use a valuable password In
fact, a password is completely optional - it's just an alternative to
always having to do a click-through.

ChrisA

ChrisA
Each one of my accounts is completely different (and as random as I can
get them). Each one is also uniquely set to match a set of criteria of
my own choosing to indicate level of data, level of composite data,
level of integrity, level of criticality, and a few other 'soft values'.
This equates to each account being generated in a one-off fashion, so
I'm not worried that my list account here will ever show up somewhere
else in any other form. However, that doesn't mean that it doesn't
concern me that the list is publishing these values back to the list
participant(s) in plaintext. If I have to unsubscribe and then
re-subscribe without a pass-phrase I can do that but just wanted to make
the list admin(s) aware that it had occurred.

--
Regards

Jack
Boston Tea Party, Coercive Acts, Powder Alarm, Revolution
Lessons (Mistakes) not learned are bound to be repeated.

 

[Ned Deily]

Each one of my accounts is completely different (and as random as I can
get them). Each one is also uniquely set to match a set of criteria of
my own choosing to indicate level of data, level of composite data,
level of integrity, level of criticality, and a few other 'soft values'.
This equates to each account being generated in a one-off fashion, so
I'm not worried that my list account here will ever show up somewhere
else in any other form. However, that doesn't mean that it doesn't
concern me that the list is publishing these values back to the list
participant(s) in plaintext. If I have to unsubscribe and then
re-subscribe without a pass-phrase I can do that but just wanted to make
the list admin(s) aware that it had occurred.

Sending password reminders is a standard default of the venerable Mailman
mailing list software that powers Python-list and many other mailing lists.
You can visit the member options page and change the password and/or disable
the automatic reminders:

https://mail.python.org/mailman/options/python-list