On Wed, 22 Oct 2003 10:17:21 EDT, "William H. Magill" <[log in to unmask]>  said:
> I received this email yesterday. You should recognize what they are
> trying to do.
> I don't subscribe to the various security lists anymore...  but it
> looks like there might be a new "exploit" afoot. Someone needs to do an
> analysis.

Umm.. I *am* on most of the more relevant security lists, and this looks like
news to me.  However, why would what you posted say "new exploit" to anybody?
At best, it's an attempt to just unsub users.  Now, if you had evidence they
had gotten a new and creative way to obtain the subscriber list or similar...

Also, when chasing things like this, it's *very* important that you include the
*original* headers, or at least your MTA logs to chase back where it came from
as far as you can (for instance, if it was mail to my listserv, it probably
came through our Mirapoint front-ends, and I'd have to chase through those logs
to figure out who sent it to us...)

> Return-Path: <[log in to unmask]>

bounce- ???

If I'm reading these headers correctly, thompsonmedia.com sent the mail to you
directly, and it didn't go anywhere near a Listserv or Majordomo.  I'm failing
to see how they expected this to ever work.  Either the Thompsonmedia people
are totally clueless, or there's something missing here....

> The only reason I didn't simply ignore and delete this as "junk" when
> received was because a list I belong to was apparently hacked yesterday
> afternoon with 40 aol.com users deleted from it apparently in a batch.

Getting on AOL's block list is a good way to have lots of mail bounce and
get the users auto-unsubscribed if your system is configured to do so on a bounce....