
Re: suspicious new e-mail address notification of a contributor



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oohara Yuuma wrote:

>I received an e-mail from a contributor of a Debian package I maintain.
>The mail says his e-mail address is no longer operational and he has
>a new one. Because his work is an important part of the package,
>it will be good to mention it in the changelog of the package.
>
>The problem is that the mail is written in a way which makes me think
>it is a spam:

>* more than 50 addresses in the Cc: list

This is believable if he is sending it to everyone. Spam usually
doesn't have any CC's.

>* the claimed "new address" is @yahoo.ca

Could it be temporary? Is he located in CA? Hard to tell.

>* not GPG signed, no information about him in the body

Very suspicious.

>If it is a spam, then updating the old address is wrong and responding
>to it is not very safe. I have no other way to contact him.
>What should I do?
>
My recommendation is forging your from header and sending a GPG
encrypted message to his key to the address. If it's him, he should be
able to decrypt it, get your right info and send you a message.

Benjamin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDG7pQev9LOsNKpIQRAp5SAJ9V1rNnI9pblHQlpV/lbkg3g0bqngCeOg3E
6MThTn6ZiY/fpsUplp/CFLU=
=Mw81
-----END PGP SIGNATURE-----
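
The check suggested in the reply above (encrypt something to the contributor's already-known key and see whether the new address can read it) can be scripted as a challenge and response. This is an added example, not part of the original message; the random token, the function names and the fingerprint argument are assumptions introduced here.

```shell
#!/bin/sh
# Added example: challenge-response check for a claimed new address.
# The fingerprint passed to encrypt_challenge must be the one you already
# hold from earlier signed mail or your keyring, never a key offered by
# the new address itself.

# Print a fresh 128-bit random token as 32 lowercase hex characters.
make_challenge() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# encrypt_challenge TOKEN FINGERPRINT -> ASCII-armored message on stdout.
# In batch mode gpg refuses a recipient key it has no validity for,
# which is the behaviour wanted here.
encrypt_challenge() {
    printf 'Please quote this token in your reply: %s\n' "$1" |
        gpg --batch --armor --encrypt --recipient "$2"
}

# check_reply TOKEN FILE -> exit 0 only if the reply text contains the token.
# Returns 2 for an empty or malformed token so a blank variable never "matches".
check_reply() {
    case "$1" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#1}" -eq 32 ] || return 2
    grep -qF -- "$1" "$2"
}
```

A reply that quotes the token shows that whoever reads the new address can decrypt with the contributor's private key; it says nothing about a reply that never arrives.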


