Opened 10 years ago
Closed 7 years ago
#767 closed defect (bug) (wontfix)
Security Confirmation Emails Go To Spam
Reported by: | chriscct7 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | Mailing Lists | Keywords: | |
Cc: |
Description
Submitted a security ticket today which @nacin and I talked about, and realized it wasn't valid.
After doing so, the security confirmation email rolled in, and it went directly to spam: http://screencloud.net/v/lHVz
There's a danger people might have submitted tickets and dont realize they had to go in spam and approve them
Change History (4)
This ticket was mentioned in Slack in #meta by ocean90. View the logs.
9 years ago
#3
@
9 years ago
- Keywords reporter-feedback removed
Yes I do. Because it is a security ticket in question, I've attached a copy of all of the headers below with the from email address and the content header redacted:
From (redacted) Wed Feb 25 19:15:43 2015 Received: from mail.wordpress.org ([66.155.40.19]:21144) by marx.multipattern.com with esmtp (Exim 4.84) (envelope-from <(redacted)>) id 1YQhQl-0006Ot-8s for report@security.wordpress.org; Wed, 25 Feb 2015 19:15:43 +0000 Received: from smtp.ufl.edu (smtp-prod02.osg.ufl.edu [128.227.74.218]) by mail.wordpress.org (Postfix) with ESMTP id 2AEFD2017F1 for <security@wordpress.org>; Wed, 25 Feb 2015 19:15:35 +0000 (UTC) X-UFL-GatorLink-Authenticated: authenticated as chriscct7 () with PLAIN from 209.85.215.50 Received: from mail-la0-f50.google.com (mail-la0-f50.google.com [209.85.215.50]) (authenticated bits=0) by smtp.ufl.edu (8.14.4/8.14.4/3.0.0) with ESMTP id t1PJFWjF056051 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <security@wordpress.org>; Wed, 25 Feb 2015 14:15:33 -0500 Received: by lams18 with SMTP id s18so6093410lam.11 for <security@wordpress.org>; Wed, 25 Feb 2015 11:15:32 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.112.97.106 with SMTP id dz10mr4325849lbb.4.1424891732100; Wed, 25 Feb 2015 11:15:32 -0800 (PST) Received: by 10.152.45.165 with HTTP; Wed, 25 Feb 2015 11:15:32 -0800 (PST) Date: Wed, 25 Feb 2015 14:15:32 -0500 Message-ID: <CAKgzEGacassL=Ly6=5rokztdi3hDMcEzhGUYjyz51DPOQrmtYQ@mail.gmail.com> Subject: Security Report From: Chris Christoff <(redacted)> To: security@wordpress.org Content-Type: multipart/alternative; boundary=001a11345b12890d0a050fee752d X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.13.68,1.0.33,0.0.0000 definitions=2015-02-25_07:2015-02-25,2015-02-25,1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=2 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1502250200 X-Spam-Level: * X-UFL-Spam-Level: * X-Spam-Status: No, score=-1.6 X-Spam-Score: -15 X-Spam-Bar: - X-Ham-Report: Spam detection software, running on the system "marx.multipattern.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: (redacted) Content analysis details: (-1.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: wordpress.org] 0.3 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML obfuscation -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: HTML included in message X-Spam-Flag: NO
#4
@
7 years ago
- Component changed from General to Mailing Lists
- Resolution set to wontfix
- Status changed from new to closed
As we no longer advertise the security@
email address in preference for https://hackerone.com/wordpress I'm going to close this as wontfix
.
A number of things were changed with WordPress.org email over the last two years, so it may have been fixed, but I can't be sure, but either way, no longer needed.
@chriscct7 Do you still have the mail? Can you attache the email header to this ticket?