Re: [Full-disclosure] Google creates SPAM haven
From: Volker Tanger (vtlistswyae.de)
Date: Sun Feb 12 2006 - 13:22:10 CST
Adam Laurie <adam.lauriethebunker.net> wrote:
> J.A. Terranson wrote:
> > On Sat, 11 Feb 2006, Stan Bubrouski wrote:
> > confirmation, Google just blindly subscribes you when anyone
> > requests it, I'm assuming, since I didn't subscribe to any of the
> > hacker or porn groups I have to keep removing myself from.
> Errr... this is precisely my point. I'm not using google. Someone else
> is using google to spam me.
> Allowing automatic subscription of 3rd party addresses to public
> mailing lists goes against all best practice and sets a very dangerous
> precedent, and they really should know better.
Well, non-verified mailing lists are prone to self-DoSing: if two or
more of these lists accidentally subscribe to each other, they'd create
an instant mailstorm, and the weakest server will give in first.

"In the early days" (when mailing lists often were implemented with
/etc/alias instead of software) this happened all too often. One mail
address bouncing caused the bounce to appear back on the mailing list
which caused the bounce's bounce to appear on the mailing list, which
Two or more (different) bounces caused a bounce avalanche - and with the
comparatively slow servers at that time (two-digit MHz - if you had a
big iron) a DoS was not too far off.

While bounce-handling of current software prevents BOUNCES from causing a
mail storm, automated repliers (Out-of-Office messages - especially
ill-configured or ill-designed ones) still cause grief for mailing list
admins. I've seen a "multi-language" OoO accidentally DoSing a mailing
list as that one sent out multiple messages for each mail coming in -
one OoO-Reply for each of the three languages. Wheeee - mailstorm!

If now mailing lists are accidentally cross-subscribed (which is not
possible with most current double-opt-in mailing list software) you have
the same problem.

And with Google's server- and bandwidth-power such a mailstorm probably
will be VERY bad, affecting quite a lot of the internet mail
infrastructure, unless the lists are very small.

So no lesson was learnt in the last 10 years?

Volker Tanger http://www.wyae.de/volker.tanger/
vtlistswyae.de PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
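
The checks discussed in the message above, as an added example that is not part of the original post and not the code of any particular list software: a pre-distribution filter that refuses bounces, automatic replies such as Out-of-Office messages, and posts that have already passed through the same list. The list name `demo-list.example.org`, the function `should_distribute` and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

LIST_ID = "demo-list.example.org"  # hypothetical list identity (assumption)

def should_distribute(raw, envelope_from):
    """Return (ok, reason): may the list server fan this message out?"""
    msg = message_from_string(raw)
    # Bounces (delivery status notifications) use the null envelope sender.
    if envelope_from.strip() in ("", "<>"):
        return False, "bounce: null envelope sender"
    local = parseaddr(envelope_from)[1].partition("@")[0].lower()
    if local in ("mailer-daemon", "postmaster"):
        return False, "bounce: mail system account"
    # RFC 3834: any value other than "no" marks an automatic response,
    # which covers Out-of-Office repliers.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "auto-reply: Auto-Submitted=" + auto
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "junk", "auto_reply"):
        return False, "auto-reply: Precedence header"
    # Our own List-Id on an incoming post means it already passed through
    # this list once (e.g. via a cross-subscribed list): break the loop.
    if any(LIST_ID in v for v in msg.get_all("List-Id", [])):
        return False, "loop: own List-Id present"
    return True, "ok"

def _mail(headers, body="hello"):
    # Build a constructed sample message from a dict of headers.
    return "".join(f"{k}: {v}\n" for k, v in headers.items()) + "\n" + body

SAMPLES = {  # constructed sample inputs, not real traffic
    "post": (_mail({"From": "alice@example.org", "Subject": "question"}),
             "alice@example.org"),
    "ooo": (_mail({"From": "bob@example.org", "Auto-Submitted": "auto-replied"}),
            "bob@example.org"),
    "bounce": (_mail({"From": "MAILER-DAEMON@mx.example.net"}), "<>"),
    "loop": (_mail({"From": "other-list@example.net",
                    "List-Id": "Demo <demo-list.example.org>"}),
             "other-list@example.net"),
}

if __name__ == "__main__":
    for name, (raw, sender) in SAMPLES.items():
        print(name, should_distribute(raw, sender))
```

These checks only limit the damage once mail is flowing; confirming each subscription with the address owner (double opt-in) is what keeps third-party and list-to-list subscriptions from being created in the first place.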