LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Monitoring non subscriber addresses

Hal Keen <[log in to unmask]>

Wed, 22 Nov 2006 18:54:52 -0600

text/plain (47 lines)

> A list owner has contacted us asking why he is receiving error
> monitoring reports for users who are not subscribed to his list.
>
> The list in question is Subscription by owner and  private posting.
>
> Do spammers  who try to post when they are not subscribers to the list
> get added to the monitoring list? The report shows that most of these
> users dont exist (which is likely true).

That might be one cause, but in my experience a lot of these nonexistent,
nonsubscribed users are the result of viruses. Not viruses getting through
the list, but viruses infecting some of your users' machines.

Most infections these days, at least affecting Windows systems, include
address spoofing: once they have access to a system, they can scan it for
addresses and randomly pick one address to send themselves to, and another
address to use in the "From:" field. If they happen to pick the list-owner
address for the "From:" field, they might get rejected (for various reasons
including an outdated target address or being detected as a virus) and the
destination system sends the rejection message back to the list-owner
address, which can get it trapped and put on the error reports.

I see these frequently. They aren't the result of spam attacks, because my
list allows outsiders to post (with my approval). Spammers (who beat the
heck out of us until we got off Majordomo) have tried only twice in two and
a half years; once it is obvious they won't get through, they go away.
Viruses have been a constant factor; when too many of them are cropping up,
I sometimes send the list a reminder that antivirus software needs to be
brought up to date.

A third cause is the occasional subscriber who used an old address and
hasn't updated because it's still forwarding all his list email--until he
changes jobs a second time (or some such thing) and the forwarding address
stops working, too. If I can't figure out from username similarities which
subscriber is affected, I sometimes change to Auto-Delete= No long enough to
read an actual bounce report instead of the summary. (That would bother
others more, but I keep mine on Manual and figure out which ones should
actually be deleted the hard way--retention of subscribers is important to
our group.)

The pattern of errors may indicate what's going wrong. Viruses usually hit a
single address only once or twice, and the report eventually times out in
Auto-Delete= Delay() days. A bad remapped subscription generally starts
bouncing everything until you find the bad address and get rid of it.

Hal Keen

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM