LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
A new form of malicious subscription.
Simeon ben Nevel <[log in to unmask]>
Fri, 13 Aug 1999 08:44:40 -0700
text/plain (48 lines) 
Here's a heads-up for all listowners...

At least one cretin has figured out a way to "subvert"
the confirmation process used by all clueful mailing list owners
to prevent the subscribing of people to the list without their
consent..

All it takes is a freebie provider of both mailforwarding AND
mail services (meaning the ability to send and receive mail
from a pseudo-anonymous account). In my case the mail-bomber
used mypad.com.

Here's how it works...

1) Register with the freebie provider to get a [log in to unmask]
   address.

2) Subscribe to a number of high-volume mailing lists.

3) Respond to all the confirmation messages using mypad.com services

4) Once all confirmations are acknowledged, activate the forwarding
   option and direct all incoming [log in to unmask] mail to
   [log in to unmask]

Happily, the full mail headers clearly reveals the forwarded account
used to relay the mail.  The "Received:" headers are especially
useful.

I've written the folk at mypad.com telling them that they should
implement some sort of positive confirmation *before* starting to
relay mail to a forwarding address.

I'll let you know if I hear anything back from them.

Simeon ben Nevel

ListOwner:
  PetBunny     (listserve)
  Lapine-Med-L (majordomo)
  BABL-List    (majordomo)
  PB-Ops       (eGroups.com)
  EtherBun     (MacJorDomo)
--
[log in to unmask]      =-=-=-=-=   A rabbit is just an angel with big ears!
Send mail to [log in to unmask] with Subject: send index to get a listing of
files available from my e-mail robot.  <*>

ATOM RSS1 RSS2