I would like to take this time to welcome you to our hiring process and give you a brief synopsis of the position's benefits and requirements.
If you are taking a career break, are on a maternity leave, recently retired or simply looking for some part-time job, this position is for you.
Occupation: Flexible schedule 2 to 8 hours per day. We can guarantee a minimum 20 hrs/week occupation Salary: Starting salary is 2000 GBP per month plus commission, paid every month. Business hours: 9:00 AM to 5:00 PM, MON-FRI, 9:00 AM to 1:00 PM SAT or part time (UK time).
Region: United Kingdom.
Please note that there are no startup fees or deposits to start working for us.
To request an application form, schedule your interview and receive more information about this position please reply to Tommy@xpatjobsuk.com,with your personal identification number for this position IDNO: 3985
This is definitely a fraud message, checked it on various scamming sites
On Thu, Aug 30, 2012 at 8:45 PM, board@wikimedia.org wrote:
I would like to take this time to welcome you to our hiring process and give you a brief synopsis of the position's benefits and requirements.
If you are taking a career break, are on a maternity leave, recently retired or simply looking for some part-time job, this position is for you.
Occupation: Flexible schedule 2 to 8 hours per day. We can guarantee a minimum 20 hrs/week occupation Salary: Starting salary is 2000 GBP per month plus commission, paid every month. Business hours: 9:00 AM to 5:00 PM, MON-FRI, 9:00 AM to 1:00 PM SAT or part time (UK time).
Region: United Kingdom.
Please note that there are no startup fees or deposits to start working for us.
To request an application form, schedule your interview and receive more information about this position please reply to Tommy@xpatjobsuk.com,with your personal identification number for this position IDNO: 3985
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
This brings up the question. Why does wikimedia.org not have a SPF record?
We should be rejecting wikimedia.org emails that we know do not come from Wikimedia.
On 31/08/12 04:15, Daniel Friesen wrote:
This brings up the question. Why does wikimedia.org not have a SPF record?
We should be rejecting wikimedia.org emails that we know do not come from Wikimedia.
In May, Jeff Green proposed deploying it with "softfail", but it wasn't ever actually done. Nobody wanted to use a "fail" qualifier, due to the risk of legitimate mail not being delivered. So even if he had deployed it, it probably wouldn't have helped in this case.
Mailman's security weaknesses are inherent to the protocol it uses, there's no way to repair it. The scam email could have been sent with a "From" header copied from anyone who has posted to the list recently. In the unlikely event that SPF fail was used for that sender and the receiver respected it, the scammer could have just picked again. We should use a web interface for posting to groups, web interfaces can be password protected without breaking 99% of clients.
I removed board@wikimedia.org from the list of email addresses that are allowed to post to the list without being subscribed.
-- Tim Starling
I still think it's a very good idea to deploy both SPF and domainkeys. SPF keeps coming up--twice this week from completely different quarters. Today the mailhouse we hired to help with the fundraiser tells me our deliverability with one major ISP is poor because we lack SPF.
We are currently stuck at the step of mapping out how we originate mail for the whitelist. Production and Google Apps mail are easy. But people say we may have volunteers, board members, etc. who do not use our known mail routes. I think OIT is in the best position to sort that out. They're the go-to for mail client setup and can survey any outliers. I spoke to Andrew about it in June and he was up for it but felt it needs to be approved and prioritized by managers.
jg
On Fri, 31 Aug 2012, Tim Starling wrote:
On 31/08/12 04:15, Daniel Friesen wrote:
This brings up the question. Why does wikimedia.org not have a SPF record?
We should be rejecting wikimedia.org emails that we know do not come from Wikimedia.
In May, Jeff Green proposed deploying it with "softfail", but it wasn't ever actually done. Nobody wanted to use a "fail" qualifier, due to the risk of legitimate mail not being delivered. So even if he had deployed it, it probably wouldn't have helped in this case.
Mailman's security weaknesses are inherent to the protocol it uses, there's no way to repair it. The scam email could have been sent with a "From" header copied from anyone who has posted to the list recently. In the unlikely event that SPF fail was used for that sender and the receiver respected it, the scammer could have just picked again. We should use a web interface for posting to groups, web interfaces can be password protected without breaking 99% of clients.
I removed board@wikimedia.org from the list of email addresses that are allowed to post to the list without being subscribed.
-- Tim Starling
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I still think it's a very good idea to deploy both SPF and domainkeys. SPF keeps coming up--twice this week from completely different quarters. Today the mailhouse we hired to help with the fundraiser tells me our deliverability with one major ISP is poor because we lack SPF.
We are currently stuck at the step of mapping out how we originate mail for the whitelist. Production and Google Apps mail are easy. But people say we may have volunteers, board members, etc. who do not use our known mail routes. I think OIT is in the best position to sort that out. They're the go-to for mail client setup and can survey any outliers. I spoke to Andrew about it in June and he was up for it but felt it needs to be approved and prioritized by managers.
Forgive me for not knowing, but what is OIT? A quick Google gives me Oregon Institute of Technology, but I that is it given the context.
Thank you, Derric Atzrott
On Fri, Aug 31, 2012 at 1:07 PM, Derric Atzrott datzrott@alizeepathology.com wrote:
Forgive me for not knowing, but what is OIT? A quick Google gives me Oregon Institute of Technology, but I that is it given the context.
Wikimedia's Office IT department.
Roan
that should read "survey and reconfigure any outliers"
On Fri, 31 Aug 2012, Jeff Green wrote:
I still think it's a very good idea to deploy both SPF and domainkeys. SPF keeps coming up--twice this week from completely different quarters. Today the mailhouse we hired to help with the fundraiser tells me our deliverability with one major ISP is poor because we lack SPF.
We are currently stuck at the step of mapping out how we originate mail for the whitelist. Production and Google Apps mail are easy. But people say we may have volunteers, board members, etc. who do not use our known mail routes. I think OIT is in the best position to sort that out. They're the go-to for mail client setup and can survey any outliers. I spoke to Andrew about it in June and he was up for it but felt it needs to be approved and prioritized by managers.
jg
On Fri, 31 Aug 2012, Tim Starling wrote:
On 31/08/12 04:15, Daniel Friesen wrote:
This brings up the question. Why does wikimedia.org not have a SPF record?
We should be rejecting wikimedia.org emails that we know do not come from Wikimedia.
In May, Jeff Green proposed deploying it with "softfail", but it wasn't ever actually done. Nobody wanted to use a "fail" qualifier, due to the risk of legitimate mail not being delivered. So even if he had deployed it, it probably wouldn't have helped in this case.
Mailman's security weaknesses are inherent to the protocol it uses, there's no way to repair it. The scam email could have been sent with a "From" header copied from anyone who has posted to the list recently. In the unlikely event that SPF fail was used for that sender and the receiver respected it, the scammer could have just picked again. We should use a web interface for posting to groups, web interfaces can be password protected without breaking 99% of clients.
I removed board@wikimedia.org from the list of email addresses that are allowed to post to the list without being subscribed.
-- Tim Starling
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On 08/31/2012 04:01 PM, Jeff Green wrote:
We are currently stuck at the step of mapping out how we originate mail for the whitelist. Production and Google Apps mail are easy. But people say we may have volunteers, board members, etc. who do not use our known mail routes.
I'm not why you couldn't give volunteers, etc. a server to send from and add that IP to your trusted senders for the domain that they use (assuming they're using one of your domains for their email address).
This does seem like an OIT function instead of an Operations one, but it seems very doable. Thunderbird, at least, supports different servers per-identity.
Mark.
On Fri, 31 Aug 2012, Mark A. Hershberger wrote:
On 08/31/2012 04:01 PM, Jeff Green wrote:
We are currently stuck at the step of mapping out how we originate mail for the whitelist. Production and Google Apps mail are easy. But people say we may have volunteers, board members, etc. who do not use our known mail routes.
I'm not why you couldn't give volunteers, etc. a server to send from and add that IP to your trusted senders for the domain that they use (assuming they're using one of your domains for their email address).
Andrew suggested giving them Google apps accounts. I think it's a great solution--it allows people to use gmail or pretty much any mail client they want.
This does seem like an OIT function instead of an Operations one, but it seems very doable. Thunderbird, at least, supports different servers per-identity.
Mark.
Human evil is not a problem. It is a mystery. It cannot be solved. -- When Atheism Becomes a Religion, Chris Hedges
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On 08/31/2012 04:31 PM, Jeff Green wrote:
On Fri, 31 Aug 2012, Mark A. Hershberger wrote:
I'm not why you couldn't give volunteers, etc. a server to send from and add that IP to your trusted senders for the domain that they use (assuming they're using one of your domains for their email address).
Andrew suggested giving them Google apps accounts. I think it's a great solution--it allows people to use gmail or pretty much any mail client they want.
Yes, that makes sense given that the Foundation already uses Google Apps.
But in an organization like the Foundation, you'll come across volunteers, etc., who would prefer to use Google as little as possible. I make my own attempts at this (which is why I run my own email server for my friends and family).
I think it makes sense to accommodate those Foundation supporters by providing the ability to send email reliably.
I've done this using ReturnPath and my server for some non-profits I work with. It does take some time to set up, but ongoing maintenance is minimal.
Le 31/08/12 22:43, Mark A. Hershberger a écrit :
But in an organization like the Foundation, you'll come across volunteers, etc., who would prefer to use Google as little as possible. I make my own attempts at this (which is why I run my own email server for my friends and family).
Note that one can use IMAP instead of the Gmail interface.
On 09/01/2012 04:01 PM, Antoine Musso wrote:
Le 31/08/12 22:43, Mark A. Hershberger a écrit :
But in an organization like the Foundation, you'll come across volunteers, etc., who would prefer to use Google as little as possible. I make my own attempts at this (which is why I run my own email server for my friends and family).
Note that one can use IMAP instead of the Gmail interface.
And you can use SMTP instead of the Gmail interface for sending email.
As true as all this is, some of us would prefer to keep an advertising giant like Google out of our business as much as possible.
As true as all this is, some of us would prefer to keep an advertising giant like Google out of our business as much as possible.
Or alternatively, a non-free software giant like Google. But it comes to roughly the same conclusion.
On Sat, Sep 1, 2012 at 1:53 PM, Mark Holmquist mtraceur@member.fsf.org wrote:
As true as all this is, some of us would prefer to keep an advertising giant like Google out of our business as much as possible.
Or alternatively, a non-free software giant like Google. But it comes to roughly the same conclusion.
That's nice, but as a business decision the wikimedia foundation has decided to host our corporate email with Google. For personal mail we all have the choice of whatever system we would like, but this business decision has been made for us, and if someone wants a wikimedia.org address, I don't think it's an onerous burden to require that they use our current infrastructure to access it, instead of requiring us to do a lot of difficult workarounds. Unless I've missed something, using wikimedia.org for non-employees is a option, not a necessity.
Leslie
-- Mark Holmquist Contractor, Wikimedia Foundation mtraceur@member.fsf.org http://marktraceur.info
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
That's nice, but as a business decision the wikimedia foundation has decided to host our corporate email with Google. For personal mail we all have the choice of whatever system we would like, but this business decision has been made for us, and if someone wants a wikimedia.org address, I don't think it's an onerous burden to require that they use our current infrastructure to access it, instead of requiring us to do a lot of difficult workarounds. Unless I've missed something, using wikimedia.org for non-employees is a option, not a necessity.
It was my understanding that part of this discussion was to require volunteers to use a specific mail server to post to the list....but now I can't find the message that gave me that impression, so maybe I've misunderstood the nature of the thread?
(I'm leaving out arguments about the decision to host with Google, but it seems like a relevant thing, perhaps there are archived discussions that I could read?)
On Sat, Sep 1, 2012 at 4:18 PM, Mark Holmquist mtraceur@member.fsf.org wrote:
That's nice, but as a business decision the wikimedia foundation has decided to host our corporate email with Google. For personal mail we all have the choice of whatever system we would like, but this business decision has been made for us, and if someone wants a wikimedia.org address, I don't think it's an onerous burden to require that they use our current infrastructure to access it, instead of requiring us to do a lot of difficult workarounds. Unless I've missed something, using wikimedia.org for non-employees is a option, not a necessity.
It was my understanding that part of this discussion was to require volunteers to use a specific mail server to post to the list....but now I can't find the message that gave me that impression, so maybe I've misunderstood the nature of the thread?
I believe the nature was SPF checks for mail claiming to be sourced from wikimedia.org addresses. This would require an "authoritative" SMTP server but wouldn't prevent non @wikimedia.org email addresses from posting to the list.
Leslie
(I'm leaving out arguments about the decision to host with Google, but it seems like a relevant thing, perhaps there are archived discussions that I could read?)
-- Mark Holmquist Contractor, Wikimedia Foundation mtraceur@member.fsf.org http://marktraceur.info
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Mark Holmquist wrote:
(I'm leaving out arguments about the decision to host with Google, but it seems like a relevant thing, perhaps there are archived discussions that I could read?)
The Wikimedia Foundation's decision to switch to Google Apps came up on foundation-l in October 2010. The relevant thread can be found here: http://lists.wikimedia.org/pipermail/foundation-l/2010-October/thread.html (search for "Google Apps").
MZMcBride
On 31/08/12 22:31, Jeff Green wrote:
On Fri, 31 Aug 2012, Mark A. Hershberger wrote:
On 08/31/2012 04:01 PM, Jeff Green wrote:
We are currently stuck at the step of mapping out how we originate mail for the whitelist. Production and Google Apps mail are easy. But people say we may have volunteers, board members, etc. who do not use our known mail routes.
I'm not why you couldn't give volunteers, etc. a server to send from and add that IP to your trusted senders for the domain that they use (assuming they're using one of your domains for their email address).
Andrew suggested giving them Google apps accounts. I think it's a great solution--it allows people to use gmail or pretty much any mail client they want.
Volunteers don't have @wikimedia.org addresses...
Moreover, I expect Ops to know which wikimedia.org emails are valid, so they could in theory send a mass mail alerting of an upcomin change, although I expect anyone with that email would be in internal-l.
Posts going to a mailing list through gmane could be a problem though, since the mail goes user -> gmane -> mchenry -> distribution.
Andrew suggested giving them Google apps accounts. I think it's a great solution--it allows people to use gmail or pretty much any mail client they want.
However, it forces them to use the google mail servers, which may be less-than-desirable for some of us (me included) for various reasons. Better to handle blacklisting, and let people use their own mail servers or whatever else they'd like.
wikitech-l@lists.wikimedia.org