On Sun, Jan 23, 2000 at 03:39:18AM -0500, Mike A. Harris wrote:
> I have received a number of extremely rude messages from people
> with USWEST email addresses. I am keeping their email addresses
> private for now, however will provide them to matti or davem if
> necessary.
> I posted a reply to Alan Cox on l-k and to alan directly, as well
> as various other postings on l-k. Many people from uswest seem
> to be getting these postings who don't appear to know they are on
> the mailing list, or even what Linux is for that matter.
> The way I see it, someone out there is subscribing people without
> their knowledge somehow. I don't know how that can be prevented,
> but please someone look into it ASAP.
It's called subscribe bombing. You don't like someone, you set
up a script or access one of these massive subscription web pages and
subscribe them to as many mailing lists as you can. Next thing they
know, they're being flooded with thousands of messages from hundreds
of mailing lists with no idea how they got there and no idea how to
get off.
This is a plague not only to the unfortunate users but to the mailing
list operators who have to deal with irrate subscribers who never wanted
to receive this mail. Some think you are spamming them. Some will mailbomb
you back thinking YOU have something in for them. Most are demanding to
know WHY you are sending them this mail. Few have a clue how to get off
the lists. Few will read so much as a single message and the "unsubscribe"
hints at the bottom of the messages do little or no good.
At Internet Security Systems, we were being abused like this for
a while. We finally switched all of our majordomo mailing list subscribe
policies to "subscribe_policy = open+confirm". That means that anyone
attempting to subscribe gets a message that they must confirm by composing
a new message. You cannot get it to work by simply replying. It's amazing
how many people do NOT read the message and attempt to reply or do something
else stupid other than follow the instructions. Those we figure have
"failed the subscription intelligence test" and ignore.
I've since received a few messages from panicky people who have
suddenly gotten dozens of "confirmation requests" from ISS for the dozens
of lists someone tried to subscribe-bomb them to. They plead not to
add them to any lists... I ignore them too since they don't get added
unless they follow the subscription instructions (which they obviously
didn't read or follow). :-)
We think there are some web pages out there now that, with the click
of a button, allows someone to subscribe another individual to a large
number of mailing lists, including lists as ISS. Those pages link to scripts
which then interact with our web site and cycles through our subscription
forms there. With a few mouse clicks, one can subscribe someone they don't
like to hundreds of lists that individual didn't ask for and doesn't want.
With the level of subscribe bombing going on, no list should be
open subscription without some form of confirmation or acknowledgement
which can not be spoofed (hash cookies required). Majordomo now provides
for that as an option on a list by list basis.
I've also cobbled together some periodic address probes we are no
using to test addresses and subscriptions every few months to confirm that
they are good and that the subscribers still want to be on. Anyone responding
intentionally, by error bounce, or by autoresponder get unsubscribed from
all our lists. They also get notified they have been unsubscribed in case
it was a subscriber to an exploder we didn't know about (and the whole $#@$#@
exploder gets removed). When I first put that script into operation, in the
first week of operation it unsubscribed over 7,000 addresses that were either
bad, had autoresponders, or were people who wanted off and couldn't figure
there way out. The owners of the individuals lists now think I walk on
water. :-)
We have almost 50,000 unique addresses subscribed to 1 or more of
several dozen mailing lists. Tripple that when you factor in exploders.
Managing the bounces just from the addresses that become invalid each month
is a nightmare. Add these #@!$@!$@! subscribe bombers, and we could add
another person full time just for that job if it wasn't for the confirmations.
Some people are receiving mail from our lists and we can't even find their
user id (or any sub-permutation) or their host name on any lists! Tracking
them down through aliases and forwardings is unbelievable. We've even had
some pricks go to the trouble of subscribing an account to all our lists,
answering the confirmations, and then forwarding all the mail at "the mark".
You can only track them down if you can get all the "Received-by" headers
(which most Windows users don't know how to find). Some bastards go to
incredible extremes.
There aren't answers or solutions. There are only ideas like
subscription confirmations and periodic address testing that help. They
eliminate the easy 90% and leave us with a lot few (but a lot tougher) ones.
> --
> Mike A. Harris Linux advocate
> Computer Consultant GNU advocate
> Capslock Consulting Open Source advocate
>
> Join the FreeMWare project - the goal to produce a FREE program in
> which you can run Windows 95/98/NT, and other operating systems.
>
> http://www.freemware.org
Mike
-- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:11 EST