On Mar 26, 2008, at 9:10 AM, Brad Beyenhof wrote:
Why can't someone just unsubscribe the address in question?  This has
happened three times now.

Hear, hear!


Not entirely sure how, but it would seem that a combination of spam and auto-responders caused those addresses to be subscribed. I think Neil looked into it.

Amusingly, a spam using a forged From: address, sending to the list address which causes a subscription, combined with an auto-responder at the forged From: address would actually work. Mailman sends a "reply to confirm" email when you subscribe, and a default reply action is sufficient to confirm.

Now the address is subscribed, and any message going to it will generate yet another auto-reply.

Auto-responders have the potential to be evil if the person creating them doesn't think through all the possibilities. The procmail manpages had some good examples of how to avoid sending vacation responses to mailing lists and system/daemon/mailer notices; it's a shame nobody really pays attention to that. (I'm looking squarely at you, Microsoft Exchange/Outlook developers.)

Gregory

--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B  keyserver: pgpkeys.mit.edu


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie

Reply via email to