List-Managers: Directed attacks on mailing lists (?)

List-Managers
(December 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Directed attacks on mailing lists (?)
From:	"Ronald F. Guilmette" <rfg @ monkeys . com>
Date:	Wed, 24 Dec 1997 12:25:47 -0800
To:	List-Managers @ GreatCircle . COM


I and a number of other anti-spam advocates are now in the process of
seriously considering the implementation of a new and potentially
powerful tactic in our ongoing efforts to thwart E-mail spam and
E-mail spammers.

I do apologize, but unfortunately I cannot go into much more detail
about this new tactic at this time.

In any case, it has just occured to me that one potential side effect
of the plan now being developed is the opening up of a new and previously
unknown form of a denial-of-service attack on legitimate mailing lists.
Such an attack might be launched, by one or more disgruntled spammers,
in an effort to undermine the anti-spam tactic itself by getting mailing
list administrators, en mass, to call for its discontinuation.

In light of this possibility, I want to ask you mailing list administrators
to tell me (if you can) about any and all past experiences the list admin
community might have with respect to directed attacks on legitimate mailing
lists.  Specifically, I would like to know:

    a)	Is there any history or historical record of attacks made directly
	on mailing lists themselves, as opposed to individual subscribers?
	If so, please elaborate (at length).  For example, have there ever
	been instances in which some miscreant has attempted to subscribe
	one mailing list to another and vise versa?  If so, what happened,
	what was the final outcome, and what happened to the perpetrator?

    b)	Do existing mailing list administration packages cause all subscrip-
	tion requests to be archived (along with full headers) so that cases
	such as the one I just mentioned can be properly traced back to
	their true origin IP address?

    c)	What estimate would you give for the percentage of existing mailing
	lists whose subscription process is handled manually as opposed to
	fully automated?

P.S.  If you consider some of the answer to these questions to be exception-
ally sensitive in nature, please feel free to reply to me directly via
private E-mail.  Thanks.

-- Ron Guilmette, Roseville, California ---------- E-Scrub Technologies, Inc.
-- Deadbolt(tm) Personal E-Mail Filter demo: http://www.e-scrub.com/deadbolt/
-- Wpoison (web harvester poisoning) - demo: http://www.e-scrub.com/wpoison/

Follow-Ups:

Re: Directed attacks on mailing lists (?)
From: Paul Graham <pjg@acsu.buffalo.edu>
Re: Directed attacks on mailing lists (?)
From: Russ Allbery <rra@stanford.edu>

Indexed By Date	Previous:	Re: mailing list instructions (copyright) From: "Manar Hussain" <manar@ivision.co.uk>
Indexed By Date	Next:	e-mail attack by sportfan@gridscape.com From: Mike Nolan <nolan@celery.tssi.com>
Indexed By Thread	Previous:	Re: Moderating individual From: Info-LabVIEW List Maintainer <info-labview-request@pica.army.mil>
Indexed By Thread	Next:	Re: Directed attacks on mailing lists (?) From: Russ Allbery <rra@stanford.edu>