In message <[EMAIL PROTECTED]>,
Jeremy Blackman <[EMAIL PROTECTED]> wrote:
>On Fri, 7 Jan 2000, Ronald F. Guilmette wrote:
>
>> I for one am more than willing to overlook the participation of either
>> egroups.com or any other list hosting service in this type of spamming
>> and violation of California law IF AND ONLY IF they will just be so kind
>> as to do what most of the rest of the list administrators reading these
>> words have already done long ago, i.e. implement a simple subscription
>> confirmation protocol that will insure that I and other Internet users
>> are not exposed to the additional risk of ``subscription bombing'' IN
>> ADDITION to the risk of being indirectly spammed with the assistance of
>> their servers.
>
>I think the point that was made earlier was that the majority of
>individual list owners do not have that restriction placed on them on
>services other than eGroups. Hence, if I am the list administrator on a
>Majordomo list, I can do:
>
>approve <password> subscribe <list> <email>
>
>Do they get a confirmation ticket? Not under stock majordomo, not last
>time I checked. Does this mean Majordomo on a free Majordomo hosting site
>could be used by list admins as a spam technique, by signing up people
>without their consent? Of course!
Assuming that this is true, _and_ that the admins of these ``free Majodomo
hosting sites'' (got any names?) leave things configured like that, and
that they do not take pains to disable this capability, then I for one
find it both remarkable and also rather completely absurd.
If what you are saying is true, I may switch over to writing spamware,
rather than trying to write anti-spamware, because I can see now how writing
spamware should be a damn sight easier.
Here's a simple scenario...
Spammer goes to one of the ``free Majordomo hosting sites'' and does what-
ever is necessary to create a new list. He then mails a sequence of 50,000
lines of the form:
approve <password> subscribe <list> <email>
to that site, followed by a _single_ copy of his spam (for a grand total
of only _two_ messages). Total connect time needed for the spammer to spam
50,000 people? Under 1 minute. And as an added bonus, the spammer probably
gets the benefit of (a) a nice high-performance server optimized for mailing
list distribution and (b) some nice high-bandwidth connections to same.
Swell. Just swell. NOT!
