[ lightbulb / ] I've been thinking about this for a while, and just had a flash of brilliance (or madness, hard to tell at times...)
You know what might be a good solution? Just occurred to me. The mailing list software displays a clickable link that will send an email address with a cookie in the Subject to a special address hosted by the mailing list server. But the trick is, the email *MUST* pass a sufficiently strict DMARC check. So if the mailing list receives a piece of email *FROM* the sending domain, and it's DKIM signed, and it validates, and DMARC passes... That would be a remarkably strong authentication that the recipient really did want the traffic. It could even be stored for reference later. And if it was not actually from the recipient, but someone on the same service, the true recipient has a piece of evidence of either a compromise, or malicious act by another user that would be grounds to TOS them. Thoughts? Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -----Original Message----- From: Michael Wise Sent: Wednesday, May 25, 2016 4:11 PM To: 'Jay Hennigan' <mailop-l...@keycodes.com>; mailop@mailop.org Subject: RE: [mailop] signup form abuse That may or may not be a good metric, since if I just signed up for a legit mailing-list, I may be anxiously awaiting the confirmation mail, or if I'm a robot, I might be backlogged a few tens of seconds. So the Venn Diagram circles just might overlap more than you would wish. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan Sent: Wednesday, May 25, 2016 4:03 PM To: mailop@mailop.org Subject: Re: [mailop] signup form abuse On 5/25/16 8:36 AM, Vick Khera wrote: > I did a spot check of a recent attack. The email address was > jabradb...@kanawhascales.com <mailto:jabradb...@kanawhascales.com> > and it got signed up to 12 lists during May 17 and 18. Amazingly, > whoever is on the other end of that address clicked to confirm every > one of those confirmation messages. All confirmation clicks appear to > come from a netblock owned by Barracuda Networks... Hmm... Maybe Barracuda spam filtering is doing something like opening remote content to inspect it before forwarding it to the inbox. What was the latency between when the confirmations were sent and when they were "clicked"? -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.impulse.net%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7cce37d60a078e41cab81e08d384f15cf7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=x0mTD7A0OqaRkzR%2fgnb7sHsi7oIhOgP7OJEi4c%2bVTv8%3d Your local telephone and internet company - 805 884-6323 - WB6RDV _______________________________________________ mailop mailing list mailop@mailop.org https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7cce37d60a078e41cab81e08d384f15cf7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=R5a9BsHXQJjF81%2fAeHFChLTICwDj14lNST8CpCmq00k%3d _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop