Great Circle Associates Majordomo-Users
(October 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: protection for spoofed subscriptions?
From: tim finin <finin @ umbc . edu>
Organization: CSEE, University of Maryland Baltimore County
Date: Mon, 21 Oct 1996 17:54:40 -0400
To: Majordomo-Workers @ greatcircle . com, Majordomo-users @ greatcircle . com
Cc: finin @ algol . cs . umbc . edu
Reply-to: finin @ umbc . edu

I've been a happy majordomo user for some time and use it to manage
several dozen lists. I'm about to inherit another list with about 1300
subscribers and the current manager has warned about attacks in which
someone spoofs mail to subscribe an enemy to lots of mailing lists (see
below). Is there a feature, current or planned, in majordomo to help
protect a list from this?  Have others found this to be a problem?  I'm
not subscribed to these mailing lists currently, so if you respond,
please send email to me as well. Thanks,  Tim

--

> 4) The list needs to have better control over subscription.
>    Specifically, once a user asks to be subscribed - the listserv
>    needs to send a note back to the subscriber with a confirmation
>    number.  The user isn't actually subscribed until they return
>    this number to the listserver.
> 
>    This feature will prevent spamming.  One of my other mailing
>    lists were hit by spamming software - it nearly killed the list.
>    The agents list will be decimated if put through that kind of
>    attack.  The importance of this feature can't be understated.
> ...
> Actually, that isn't really the problem.  The ***** list was
> recently attack and readership droped of by 40%.  Here is what
> happened to the ***** list - I'm sure it will eventually happen
> to the XXXXX list.  (Which is why I the list really needs a new server).
> 
> There are several programs out there that will auto spam the person
> you hate.  You simply enter the persons name and email address and
> it will go to about 100 different mailing lists and subscribe the
> unsuspecting person.  As the list owner you have no idea if the
> mail has been faked or not.  (Sometimes the subscriber info is
> Joe Blow or Asshole - in which case you can assume they have been
> spamed.  However, most of the time this doesn't work.)
> The worst part, however, is that many of the people who get spammed
> are real jerks and start replying to the list with venom.  This
> is what nearly killed the ***** list.
> 
> Anyway, this is really why you need verification of a subscription.
> It's the only to stop this sort of attack - which unfortuantnly, is
> starting to occur more often.


Follow-Ups:
Indexed By Date Previous: Re: denying unsubscribe...
From: "Mr. Sarang Gupta" <sgupta@nmjc.org>
Next: Minor type in majordomo 1.94
From: Nick Perry <nick@amulation.co.uk>
Indexed By Thread Previous: Controlling the "Subject" file on a moderated list
From: Jean-Pierre Morant <jpm@marben.be>
Next: Re: protection for spoofed subscriptions?
From: Jason L Tibbitts III <tibbs@hpc.uh.edu>

Google
 
Search Internet Search www.greatcircle.com