On Thu, Jun 30, 2016 at 02:19:20AM +0000, Michael Wise via mailop wrote:
> This ... is an attack for which I have become rather familiar.

As have I. Various countermeasures deployed singly and in combination have sufficed to cut it down to a dull roar, but the distributed nature of the attack renders it difficult (if not impossible) to stop entirely.

Here's a list. Some of these will (obviously) not work for everyone; some of them may not work for anyone.

1. Don't allow list signups via the web. Given that -request has been a standard for decades, every person attempting to sign up for every mailing list should know it. If not, they should learn. If they're not capable of learning, too bad.

2. Block traffic from problematic regions/countries or allow traffic from desired regions/countries. For mailing lists whose interest is confined to a geographic area, this works pretty well. For those which aren't, nope.

3. Throttle outbound subscription confirmations. Correlate with originating domains/usernames/IP addresses/etc. At small scale this doesn't work too well, but at medium and large scales the accumulated patterns of abuse tend to leap off the screen.

4. Perform daily log analysis. Spikes in subscription rates *may* reveal abuse-in-progress -- probably not, but it's worth the perfunctory exercise just in case. Of course this is after-the-fact and the damage may already be done.

5. There are a lot of worthless (new) TLDs. "Use a real domain" is quickly becoming a valid response to requests from them.

---rsk
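One way to implement the throttling and correlation described in item 3, as an added example that is not part of the original message. The event tuple layout, the thresholds, the one-hour window and the names `ConfirmationThrottle` and `replay` are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict, deque

# Constructed sample events: (epoch seconds, source IP, list name, address to confirm).
EVENTS = [
    (1000, "192.0.2.10", "list-a", "alice@example.org"),
    (1010, "192.0.2.10", "list-b", "bob@example.org"),
    (1020, "198.51.100.7", "list-a", "victim@example.net"),
    (1030, "203.0.113.5", "list-b", "victim@example.net"),
    (1040, "192.0.2.99", "list-c", "victim@example.net"),
    (1050, "192.0.2.10", "list-c", "carol@example.org"),
    (1060, "192.0.2.10", "list-a", "dave@example.com"),
    (5000, "192.0.2.44", "list-a", "victim@example.net"),
]

class ConfirmationThrottle:
    """Sliding-window cap on confirmations sent per source IP, address and domain."""

    def __init__(self, window=3600, limits=None):
        self.window = window
        # Assumed thresholds; tune against real traffic.
        self.limits = limits or {"ip": 3, "address": 2, "domain": 3}
        self.sent = defaultdict(deque)   # (kind, value) -> timestamps of sent mail
        self.denied = Counter()          # (kind, value) -> refused requests

    def allow(self, ts, src_ip, address):
        address = address.lower()
        keys = [("ip", src_ip), ("address", address),
                ("domain", address.rpartition("@")[2])]
        tripped = []
        for key in keys:
            q = self.sent[key]
            while q and q[0] <= ts - self.window:
                q.popleft()              # drop entries older than the window
            if len(q) >= self.limits[key[0]]:
                tripped.append(key)
        if tripped:
            self.denied.update(tripped)  # kept for the daily report (item 4)
            return False
        for key in keys:
            self.sent[key].append(ts)
        return True

def replay(events, throttle=None):
    """Return (decisions, denied counts) for a list of events in time order."""
    throttle = throttle or ConfirmationThrottle()
    decisions = [throttle.allow(ts, ip, addr) for ts, ip, _list, addr in events]
    return decisions, throttle.denied
```

Keying on the target address as well as the source IP is what catches requests spread across many source addresses; the `denied` counter is the per-key tally a daily log review would sort by.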