[ lightbulb / ]
I've been thinking about this for a while, and just had a flash of brilliance
(or madness, hard to tell at times...)
You know what might be a good solution?
Just occurred to me.
The mailing list software displays a clickable link that will send an email
address with a cookie in the Subject to a special address hosted by the mailing
list server.
But the trick is, the email *MUST* pass a sufficiently strict DMARC check.
So if the mailing list receives a piece of email *FROM* the sending domain, and
it's DKIM signed, and it validates, and DMARC passes...
That would be a remarkably strong authentication that the recipient really did
want the traffic.
It could even be stored for reference later.
And if it was not actually from the recipient, but someone on the same service,
the true recipient has a piece of evidence of either a compromise, or malicious
act by another user that would be grounds to TOS them.
Thoughts?
Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been
Processed." | Got the Junk Mail Reporting Tool ?
-----Original Message-----
From: Michael Wise
Sent: Wednesday, May 25, 2016 4:11 PM
To: 'Jay Hennigan' <mailop-l...@keycodes.com>; mailop@mailop.org
Subject: RE: [mailop] signup form abuse
That may or may not be a good metric, since if I just signed up for a legit
mailing-list, I may be anxiously awaiting the confirmation mail, or if I'm a
robot, I might be backlogged a few tens of seconds.
So the Venn Diagram circles just might overlap more than you would wish.
Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been
Processed." | Got the Junk Mail Reporting Tool ?
-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan
Sent: Wednesday, May 25, 2016 4:03 PM
To: mailop@mailop.org
Subject: Re: [mailop] signup form abuse
On 5/25/16 8:36 AM, Vick Khera wrote:
> I did a spot check of a recent attack. The email address was
> jabradb...@kanawhascales.com <mailto:jabradb...@kanawhascales.com>
> and it got signed up to 12 lists during May 17 and 18. Amazingly,
> whoever is on the other end of that address clicked to confirm every
> one of those confirmation messages. All confirmation clicks appear to
> come from a netblock owned by Barracuda Networks... Hmm...
Maybe Barracuda spam filtering is doing something like opening remote content
to inspect it before forwarding it to the inbox.
What was the latency between when the confirmations were sent and when they
were "clicked"?
--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse
Internet Service -
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.impulse.net%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7cce37d60a078e41cab81e08d384f15cf7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=x0mTD7A0OqaRkzR%2fgnb7sHsi7oIhOgP7OJEi4c%2bVTv8%3d
Your local telephone and internet company - 805 884-6323 - WB6RDV
_______________________________________________
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7cce37d60a078e41cab81e08d384f15cf7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=R5a9BsHXQJjF81%2fAeHFChLTICwDj14lNST8CpCmq00k%3d
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
