I've also seen employees leaving companies and their addresses being rerouted to the support mailbox.
-- Patrick Am 27.02.2020 um 01:25 schrieb Mark Rousell: > On 26/02/2020 16:24, Randy Bush wrote: >> act...@nanog.org seems to no longer exist. how should i be whining >> about the following? >> >> From: Electric Forest Festival <i...@electricforestfestival.com> >> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber >> Suggestions >> To: ra...@psg.com >> Date: Wed, 26 Feb 2020 16:15:25 +0000 >> >> Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has >> received your email. Help save precious resources by reviewing the >> information below and looking up common questions in The Forest Frequently >> Asked Questions: Experience.ElectricForestFestival.com Please contact >> Festival Ticketing Support at 855-279-6941 for all issue regarding your >> purchase or for account troubleshooting. Electric Forest is sold out. Lyte >> is the only HQ endorsed way to get passes now that it’s sold out. To know >> when all things Electric Forest 2020 are happening sign up to the EF >> Newsletter. Happy Forest! > > This (or what it appears to be) is happening on an increasing number of mail > lists. It's not many but it's there I don't know who is behind it or why, but > it's an increasing annoyance. > > This is a quick summary of what seems to be happening: > (1) A legitimate company's or organisation's helpdesk email address is signed > up to a mail list like this one. > (2) Every time someone posts to the list, they receive an automated > notification from the helpdesk. > (3) On mail lists where DMARC mitigation is in effect, the notification comes > back to the mail list. > (4) A consistent pattern is that the helpdesk staff seem utterly incapable of > unsubscribing themselves from the list. They always seem to need to be > unsubscribed by a list admin. > > The key question to my mind is how do these helpdesks get signed up at all? > Presumably it's not the helpdesk staff themselves signing them up. It would > appear that someone, somewhere has found a vulnerability in Mailman (as far > as I can recall I've only > seen this on Mailman lists) and is intentionally signing up legitimate > company helpdesks to mail lists. > > Lists with an active admin/mod can fix the problem quickly by unsubscribing > the helpdesk. > > Is it an attempted (rather feeble) DoS on the mail lists affected, on the > concept of a mail list, or on the companies affected? I don't know. I can't > see any real point to it. But it's happening. > > > > -- > Mark Rousell
