LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Spoofing alert ([log in to unmask])

Eric Thomas <[log in to unmask]>

Wed, 17 Apr 1996 14:29:46 +0200

text/plain (43 lines)

50  subscription   requests  have  been   received  in  the  last   1h  from
[log in to unmask] A copy  of the mail headers from the  most recent of these
requests is  enclosed below. The  subscription requests in question  are now
being cancelled.
 
Due to the protocols used on the Internet for mail delivery, it is extremely
easy for a  malicious user to forge an electronic  mail message from another
user. This vulnerability  has led to a practice known  as "spoofing" in list
owner jargon, through  which an innocent user is subscribed  to thousands of
mailing lists  with the intent of  filling up his mailbox  and rendering his
Internet account  essentially useless. This  is usually done  in retribution
for having  posted something on  a public  forum which made  the perpetrator
lose face.
 
There   is  unfortunately   no   defense  against   this  attack.   LISTSERV
automatically monitors  spoofing attempts  and blocks  subscription requests
after  a certain  threshold. In  addition,  it will  automatically undo  the
subscriptions which were accepted before  the spoofing attempt was detected.
Unfortunately, most  other mailing list  managers offer no  such protection,
and the victim must cancel the subscriptions individually.
 
An examination of the mail headers from the original request may reveal some
information about the  perpetrator. However, in most cases  this person will
be a  technically skilled  individual who  will know what  steps need  to be
taken in order  to hide one's track.  It is usually much  easier to identify
the perpetrator using traditional investigative methods, such as looking for
technically skilled individuals that the  victim has recently angered. It is
exceedingly rare, however, to find evidence that will stand in court.
 
-------------------------- Incoming mail header ----------------------------
Return-Path: <[log in to unmask]>
Received: from SEARN (NJE origin SMTPF@SEARN) by SEARN.SUNET.SE (LMail
          V1.2b/1.8b) with BSMTP id 1131; Wed, 17 Apr 1996 14:26:44 +0200
Received: from prof.esigetel.fr by SEARN.SUNET.SE (IBM VM SMTP V2R3) with TCP;
   Wed, 17 Apr 96 14:26:41 +0200
Received: from risc7.esigetel.fr by prof.esigetel.fr;
          (5.65/1.1.8.2/04Mar96-0542PM)
        id AA18438; Wed, 17 Apr 1996 14:25:00 +0200
Date: Wed, 17 Apr 1996 14:25:00 +0200
From: DORIGNY THORET <[log in to unmask]>
Message-Id: <[log in to unmask]>
Apparently-To: [log in to unmask]

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM