Majordomo-Workers: FYI

Majordomo-Workers
(November 1995)

Indexed By Thread: [Previous] [Next]

Subject:	FYI
From:	George Herbert <gherbert @ crl . com>
Date:	Sun, 26 Nov 1995 14:46:09 -0800
To:	majordomo-workers @ greatcircle . com
Cc:	gherbert @ crl . com

This off the net (news.admin.net-abuse.misc); sounds like a feature which
would be very very useful to add to Majordomo.

>From jerikse@news.luc.edu Sun Nov 26 14:40:23 PST 1995
Article: 25564 of news.admin.net-abuse.misc
Path: nntp.crl.com!howland.reston.ans.net!vixen.cso.uiuc.edu!uchinews!news.luc.edu!jerikse
From: jerikse@news.luc.edu (Jason L. Eriksen)
Newsgroups: news.admin.net-abuse.misc
Subject: PROPOSAL: Eliminating List Mailbombs
Date: 26 Nov 1995 01:47:41 GMT
Organization: Loyola University Chicago
Lines: 47
Message-ID: <498gvt$b49@artemis.it.luc.edu>
NNTP-Posting-Host: 147.126.105.1
X-Newsreader: TIN [version 1.2 PL2]

A common tactic by viscious individuals is to subscribe people to hundreds
of mailing lists all at the same time, so that the victim receives hundreds
of messages per day.  It's nasty, pesky form of net abuse to which no
solutions have been universally adopted so far.

I have a proposal for preventing this problem which would require only
a few additional lines of code and storage space on a listserver:

Normal Scenario
---------------
1.  Sender requests subscription by sending the following message to a 
listserver

                subscribe <listname> <name@name.net>

2.  Listserver receives the subscription request.  It stores the name 
in a temporary request file, and also appends a randomly
created number to the file, so that the listserver now contains a 
temporary record in the following form

                e-mail address; token random number; date of request

(Date of request field has an expiration option)

3.  Listserver retains the original message, inserts the token random
number at the top of the message body, and mails the modified request
back to the given e-mail address.

4.  The sender receives this letter, and confirms the request by mailing
the new email with the token random number back to the listserver.  The
listserver looks for the token random number in the message body, and if
present, processes the request(s), then wipes the request entry from the
request file.

This strikes me as a sensible, simple solution that is fairly robust and
difficult to defeat.  I wonder why this system has not been implemented
on listservers, since mailbombing is a routine occurance which consumes
a lot of time, both of the victim's and of the system admin.

Jason Eriksen

--
The mechanic, who wishes to do his work well, must first sharpen his tools.
When you are living in any state,  take service with the most  worthy among
its great offices, and make friends with the most virtuous of its scholars.

Follow-Ups:

Re: FYI
From: Sean Kamath <kamath@pogo.WV.TEK.COM>

Indexed By Date	Previous:	Re: Majordomo Installation Problems From: Daily Cardinal Administrator <root@cardinal.wisc.edu>
Indexed By Date	Next:	Re: FYI From: Sean Kamath <kamath@pogo.WV.TEK.COM>
Indexed By Thread	Previous:	Re: Majordomo Installation Problems From: Dave Wolfe <dwolfe@risc.sps.mot.com>
Indexed By Thread	Next:	Re: FYI From: Sean Kamath <kamath@pogo.WV.TEK.COM>