Great Circle Associates List-Managers
(January 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: 3rd party auto-reply mailing list attack
From: Gene Rackow <rackow @ mcs . anl . gov>
Date: Mon, 22 Jan 1996 06:33:43 -0600
To: Brent @ GreatCircle . COM (Brent Chapman)
Cc: dmckeon @ swcp . com, list-managers @ GreatCircle . COM, rackow @ antares . mcs . anl . gov
In-reply-to: Your message of "Sun, 21 Jan 1996 23:02:47 +0100." <v02130512ad2867a37598 @ [198 . 102 . 244 . 42]>

Brent Chapman made the following keystrokes:
 >At 1:10 PM 1/21/96, Denis McKeon wrote:
 >>Brent - I was going to post this, and thought better of it -
 >>perhaps you would find it useful on the list-managers mailing list.
 >
 >I'm not sure how effective this will be; there are an awful lot of such
 >addresses.
 >
 >>2)  mailing list manager software could be configured to continue
 >>    automatically processing subscription requests of the form:
 >>
 >>        subscribe <listname>
 >>
 >>    with the sending (From: or envelope) address as the <subscriber address>
 >>    but to save for manual human processing subscription requests of:
 >>
 >>        subscribe <listname> [<subscriber address>]
 >>
 >>    and requests of:
 >>
 >>        subscribe <listname>
 >>
 >>    where the Reply-To: differs from the sending (From: or envelope) address
 >  .
 >
 >This is what Majordomo does in its standard (recommended) configuration.
 >

A problem that I think both of you are overlooking is that the bozo could
just munge his From: line to be what he wants and then the <subscriber adddress>
is not needed and the subscription needs no approval. ;-(  I've used this
method myself several times when I wanted to subscribe a local exploder to
a remote mailing list without having to wait the several weeks for approval
to happen.  I don't see a method that is going to stop these bozo's from
spamming the lists.

--Gene



References:
Indexed By Date Previous: Re: 3rd party auto-reply mailing list attack
From: Brent @ GreatCircle . COM (Brent Chapman)
Next: Re: 3rd party auto-reply mailing list attack
From: Brent @ GreatCircle . COM (Brent Chapman)
Indexed By Thread Previous: Re: 3rd party auto-reply mailing list attack
From: Brent @ GreatCircle . COM (Brent Chapman)
Next: Re: 3rd party auto-reply mailing list attack
From: Brent @ GreatCircle . COM (Brent Chapman)

Google
 
Search Internet Search www.greatcircle.com