On 27 May 2015, at 16:49, Rui Ueyama <ruiu at google.com> wrote:> > David, > > The link works fine with my Mac and Android. The source of the mail looks okay to me (I verified that from a different machine than the one I sent the mail). You may want to check your browser or proxy?It’s correct in the plain-text version of the mail. The HTML MIME part contains this: <a href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttp-3A__reviews.llvm.org_D10036&d=3DAwMFaQ&c=3D8hUWFZcy2Z-Za5rBPlktOQ&r=3DMfk2qtn1LTDThVkh6-oGglNfMADXfJdty4_bhmuhMHA&m=3D8dYF1obzqNfZvfOxlk7H-g8VUfu1ZyS0GdcCWRkWxCk&s=3DRu6670O4y8SpAwlp17gVmI7BLz3mIY7gs1Irvo9iDRw&e=3D">http://reviews.llvm.org/D10036</a> Apparently they’re not malicious, but I find it somewhat unnerving when the URL that I click on turns out not to be the one that the mouseover text pops up. If you feel the need to insert a redirection link, I’d very much appreciate it if you would post the full link in the text version, as well as the href. If, on the other hand, you are unaware that your computer is doing this, then I would encourage you to work out what it is and that it is not malicious. The archives only include the plain text version, not the HTML copy, so will not see this. David
I sent the mail from Gmail. I checked the source using the Gmail "show original" mode (which displays a mail in plain text including headers and all MIME sections) from a different computer, but I cannot find that URL. I cannot check an email copy that the mailing list server sent back because Gmail automatically de-dup emails, which is annoying, but I think it's unlikely that my machine is infected from evidences I've seen so far. Maybe a mail transfer agent in between Gmail to you inserted the link? I'd appreciate if you can forward the mail including headers to me. On Wed, May 27, 2015 at 9:12 AM, David Chisnall <David.Chisnall at cl.cam.ac.uk> wrote:> On 27 May 2015, at 16:49, Rui Ueyama <ruiu at google.com> wrote: > > > > David, > > > > The link works fine with my Mac and Android. The source of the mail > looks okay to me (I verified that from a different machine than the one I > sent the mail). You may want to check your browser or proxy? > > It’s correct in the plain-text version of the mail. The HTML MIME part > contains this: > > <a href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttp-3A__reviews> > .llvm.org_D10036&d=3DAwMFaQ&c=3D8hUWFZcy2Z-Za5rBPlktOQ&r=3DMfk2qtn1LTDThVkh> > 6-oGglNfMADXfJdty4_bhmuhMHA&m=3D8dYF1obzqNfZvfOxlk7H-g8VUfu1ZyS0GdcCWRkWxCk> &s=3DRu6670O4y8SpAwlp17gVmI7BLz3mIY7gs1Irvo9iDRw&e=3D"> > http://reviews.llvm.> org/D10036</a> > > Apparently they’re not malicious, but I find it somewhat unnerving when > the URL that I click on turns out not to be the one that the mouseover text > pops up. If you feel the need to insert a redirection link, I’d very much > appreciate it if you would post the full link in the text version, as well > as the href. If, on the other hand, you are unaware that your computer is > doing this, then I would encourage you to work out what it is and that it > is not malicious. > > The archives only include the plain text version, not the HTML copy, so > will not see this. > > David > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150527/8070d044/attachment.html>
I think I found the problem: https://opia.illinois.edu/content/targeted-attack-protection-tuning UIUC is apparently rewriting HTML links in emails to redirect through urldefense.proofpoint.com. This is visible in my version of Rui's email. On Wed, May 27, 2015 at 9:36 AM, Rui Ueyama <ruiu at google.com> wrote:> I sent the mail from Gmail. I checked the source using the Gmail "show > original" mode (which displays a mail in plain text including headers and > all MIME sections) from a different computer, but I cannot find that URL. I > cannot check an email copy that the mailing list server sent back because > Gmail automatically de-dup emails, which is annoying, but I think it's > unlikely that my machine is infected from evidences I've seen so far. Maybe > a mail transfer agent in between Gmail to you inserted the link? I'd > appreciate if you can forward the mail including headers to me. > > On Wed, May 27, 2015 at 9:12 AM, David Chisnall < > David.Chisnall at cl.cam.ac.uk> wrote: > >> On 27 May 2015, at 16:49, Rui Ueyama <ruiu at google.com> wrote: >> > >> > David, >> > >> > The link works fine with my Mac and Android. The source of the mail >> looks okay to me (I verified that from a different machine than the one I >> sent the mail). You may want to check your browser or proxy? >> >> It’s correct in the plain-text version of the mail. The HTML MIME part >> contains this: >> >> <a href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttp-3A__reviews>> >> .llvm.org_D10036&d=3DAwMFaQ&c=3D8hUWFZcy2Z-Za5rBPlktOQ&r=3DMfk2qtn1LTDThVkh>> >> 6-oGglNfMADXfJdty4_bhmuhMHA&m=3D8dYF1obzqNfZvfOxlk7H-g8VUfu1ZyS0GdcCWRkWxCk>> &s=3DRu6670O4y8SpAwlp17gVmI7BLz3mIY7gs1Irvo9iDRw&e=3D"> >> http://reviews.llvm. >> <https://urldefense.proofpoint.com/v2/url?u=http-3A__reviews.llvm.&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Mfk2qtn1LTDThVkh6-oGglNfMADXfJdty4_bhmuhMHA&m=UxTA9_ALGj6dP9lASAs-vE6FoBX_s9ZbD803t-a4XQA&s=Ubr9G2mEli5qzBQAq5lmtafexJu4OZ_lw4HIpfG_QKM&e=> >> >> org/D10036</a> >> >> Apparently they’re not malicious, but I find it somewhat unnerving when >> the URL that I click on turns out not to be the one that the mouseover text >> pops up. If you feel the need to insert a redirection link, I’d very much >> appreciate it if you would post the full link in the text version, as well >> as the href. If, on the other hand, you are unaware that your computer is >> doing this, then I would encourage you to work out what it is and that it >> is not malicious. >> >> The archives only include the plain text version, not the HTML copy, so >> will not see this. >> >> David >> >> > > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150527/3f7ac324/attachment.html>
On 27 May 2015 at 09:36, Rui Ueyama <ruiu at google.com> wrote:> I sent the mail from Gmail. I checked the source using the Gmail "show > original" mode (which displays a mail in plain text including headers and > all MIME sections) from a different computer, but I cannot find that URL.I see it in GMail's "show original" (at the start of the usual terribly-formatted HTML block). But I suspect it's the mailing list's servers rather than your computer, Rui. This might be related: https://opia.illinois.edu/content/targeted-attack-protection-tuning Messing with people's messages is not great though, no matter how well-intentioned. I bet they'd break signatures, for a start. Tim.
Seemingly Similar Threads
- [LLVMdev] LLD improvement plan
- [LLVMdev] LLD improvement plan
- [LLVMdev] LLD improvement plan
- [LLVMdev] [RFC] Late May Update: Progress report on CMake build system's ability to replace autoconf
- [LLVMdev] [RFC] Late May Update: Progress report on CMake build system's ability to replace autoconf