All - On Wed, 13 November 2019 12:41 UTC, Rifaat Shekh-Yusef <[email protected]> wrote: > The chairs are aware of the issue, as we receive notifications to > approve these messages sent by non-members. > We have been receiving these emails for few weeks now, and Glen from IETF > IT is also aware of the issue and he took some measures to try to address > this. Glen also contacted the ISP but unfortunately he did not hear back > from > them.
I'm not on this list, but in the process of checking a few spam complaints we've received, I noticed this message in the archive, and wanted to clarify further: The OAUTH list - along with about four other lists - was the victim of a subscribe attack, in which large numbers of valid, harvested email addresses were subscribed to the OAUTH list without the knowledge of the account holders. Sympatico.ca was one of the targeted domains, as was AOL and GMAIL. *sigh* I have no idea what the attackers tried to gain - get the IETF blacklisted with ISPs, perhaps? It was relatively simple to remove the sympatico and AOL addresses, but we have lots of legitimate users who use GMail, so I was hesitant to try bulk-removing all of those addresses! OAUTH - at 1003 members (currently) is one of the IETF's larger lists, so there may be other people on here also who didn't ask to be signed up. As complaints come in, we're removing people, and as attacks come in (and there are a TON of attacks against the IETF every day, which is why I look the way I do) we block them, but it is something of a game of leapfrog. We appreciate everyone's patience as we continue to deal with these ongoing, and bizarre, attacks. Glen -- Glen Barney IT Director AMS (IETF Secretariat) _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
