|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[PLUG] Aspects of closed mailing lists
|
Just read an interesting bit in comp.risks. Seems that a spammer was
using a closed listserv to spew out his garbage. The scam is, forge a
header to the closed listserv that includes the _recipient's_ e-mail
address for the sender. The listserv then bounces the message --
including the original text -- to the "back" to the sender.
But wait, it gets better. In the spirit of last week's DDoS theme,
imagine sending e-mail to a closed listserv, forging as the sender --
another closed listserv! If both reply with the complete text of the
original message, you'll start a mailstorm of hellish proportions.
Recommendations:
* Turn off automated bounce messages. Quick-n-easy.
* If you think bounce messages are important, then configure your mailer
to only reply with the subject line of the rejected article.
* (If you've got time & source) Configure your mailer to scan the logs &
identify mailstorms.
I was intrigued by this, and I know that several people on the list are
responsible for listservs, so I thought maybe it would be good info for
the list.
--
Just junk food for thought...
______________________________________________________________________
Philadelphia Linux Users Group - http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
|
|