Yesterday, I started running the listserv alias (on Unix ListServ) through procmail, catching all of the bogus requests for a particular list. After looking at all of the mail I received, I'm really wondering how they do it. There is no trace of the origin of the message; it looks like it's coming from the real person. The Received: lines look good, and there is no single place this is coming from. On Mon, 13 Jan 1997, Paul M. Karagianis wrote: > On Mon, 13 Jan 1997 13:48:09 -0600 Catherine Anne Foulston said: > >(...) > >We have a real problem with these bogus subscriptions. There are > >a LOT of them. If they all came from a single source, it would be > >easy to stop them, but they don't. I'm wondering, though, if > >there is some web page or something out there that people are > >using to do this. > > SJU has 3 out of 350+ lists that have been getting clobbered with this > stuff for a couple of months now and I have been wondering more or less > the same thing myself. The view from here is that some high ranking > messiah among the legions of pimpled brain-doners circulated an exec or > macro that takes 1 to 20+ parameters and does the SMTP forgeries from > arg1 using args2 to n as the name. Since many of the perps use only one > or two args most of the subscriptions bomb out for invalid syntax. The > rest usually are to invalid addresses, full mailboxes, user refused or > expire confirmation. Still, there's enough traffic and resulting > bouncemail to make this annoying. Much of what I've seen lately comes > from cornell.edu and various asian domains, but it has been coming from > all over. Bob Jackiewicz UIC Academic Computer Center [log in to unmask] University of Illinois at Chicago Network Services