Re: idiot reponse

2020-02-27 Thread Rich Kulawiec
On Thu, Feb 27, 2020 at 12:25:27AM +, Mark Rousell wrote:
> This (or what it appears to be) is happening on an increasing number of
> mail lists. It's not many but it's there. I don't know who is behind it
> or why, but it's an increasing annoyance.

There is a partial fix for this, at least for anyone using Mailman to run
their lists (e.g., nanog):

Set Mailman so that all new subscribers are moderated by default.

Either new subscriber X will one day send real content to the list
or they won't.   If it's the latter, then it is very simple to use
Mailman's interface to simultaneously (a) approve the message for
distribution and (b) clear their moderation flag.  If it's the
former, then the message will only be seen by the list-owners and
won't bother everyone on the list. [1]

This doesn't help with copies that are sent directly to list-members,
however.  The fix for that is for responsible list owners (a) to
be available at the -owner address (per RFC 2142 and decades of best
practices) so that they can field problem reports and (b) to use Mailman
to (a) unsubscribe the errant address and (b) ban it.  I'd also recommend
that they (c) publicly announce such actions with an "administrivia" Subject
line on-list so that list members can take corresponding actions in their
own mail systems.

If nanog-owner isn't responding then that's a serious lapse and
needs to be corrected immediately.  Doing so is a fundamental part
of basic mailing list administration.

I'd also strongly recommend that list-owners have Mailman configured
to notify them of all subscribe/unsubscribe events and/or to require
manual list-owner approval for subscriptions.  Interposing human
beings in the process doesn't solve this problem but it provides
the opportunity to detect and quash it early on.

---rsk

[1] Note that this is also a partial defense against accounts which
are hijacked and turned into bots.  Given that -- on most mailing lists
and especially on large ones -- the overwhelming majority of subscribers
will *never* send any traffic, nothing is lost by doing this.  But on
the day when an account is hijacked and suddenly starts sending large
amounts of traffic, none of it will get through to the mailing list.
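
The following is an added example, not part of the original message and not Mailman's own code: a Python audit of a list's settings against the measures recommended above. It assumes the Mailman 2.1 attribute names written by `config_list -o` (`default_member_moderation`, `admin_notify_mchanges`, `subscribe_policy`, `ban_list`); the two dumps and the address are constructed.

```python
import ast

def parse_dump(text):
    """Read `name = literal` assignments from a dump without executing it."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                pass  # non-literal value: skip it rather than evaluate it
    return settings

def audit(text, known_bad=()):
    """Return findings for the measures recommended in the message above."""
    s = parse_dump(text)
    findings = []
    if not s.get("default_member_moderation"):
        findings.append("new subscribers are not moderated by default")
    # subscribe_policy: 2 = owner approval, 3 = confirmation plus approval
    if not (s.get("admin_notify_mchanges") or s.get("subscribe_policy") in (2, 3)):
        findings.append("owners neither notified of nor approving subscriptions")
    # Exact-match check only; ban_list entries may also be ^regexps
    for addr in known_bad:
        if addr not in s.get("ban_list", []):
            findings.append("not banned: " + addr)
    return findings

# Constructed excerpts in the style of `config_list -o` output
WEAK = """
subscribe_policy = 1
admin_notify_mchanges = 0
default_member_moderation = 0
ban_list = []
"""
HARDENED = """
subscribe_policy = 3
admin_notify_mchanges = 1
default_member_moderation = 1
ban_list = ['helpdesk@example.com']
"""

if __name__ == "__main__":
    for name, dump in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(dump, ["helpdesk@example.com"]))
```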


Re: idiot reponse

2020-02-26 Thread Matthew Petach
On Wed, Feb 26, 2020 at 4:15 PM J. Hellenthal via NANOG 
wrote:

> Wtf kinda one word response is that lol
>


You missed the *very* important second line of the response, which makes
the first, one-word line meaningful.

Go back and read it again.  ;)

Matt



>
> --
>  J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says
> a lot about anticipated traffic volume.
>
> On Feb 26, 2020, at 15:03, Selphie Keller 
> wrote:
>
> 
> postfix =)
>
> /^From: .*@electricforestfestival\.com/ DISCARD
>
> On Wed, 26 Feb 2020 at 09:54, Christopher Morrow 
> wrote:
>
>>
>>
>> On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett  wrote:
>>
>>> I send to nanog-ow...@nanog.org, but I never hear back.
>>>
>>>
>>>
>> I had sent this privately but I thought/think: nanog-admin@
>>
>> I could totally be wrong :)
>>
>


Re: idiot reponse

2020-02-26 Thread Mark Rousell
On 27/02/2020 00:30, Patrick Schultz wrote:
>
> I've also seen employees leaving companies and their addresses being
> rerouted to the support mailbox.
>

That's a very interesting point. I had not considered it as a possible
cause of this problem.


-- 
Mark Rousell



Re: idiot reponse

2020-02-26 Thread Patrick Schultz
I've also seen employees leaving companies and their addresses being rerouted 
to the support mailbox.

-- 
Patrick

Am 27.02.2020 um 01:25 schrieb Mark Rousell:
> On 26/02/2020 16:24, Randy Bush wrote:
>> act...@nanog.org seems to no longer exist.  how should i be whining
>> about the following?
>>
>> From: Electric Forest Festival 
>> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber 
>> Suggestions
>> To: ra...@psg.com
>> Date: Wed, 26 Feb 2020 16:15:25 +
>>
>>   Electric Forest 2020 will take place on June 25-28, 2020.   Forest HQ has 
>> received your email. Help save precious resources by reviewing the 
>> information below and looking up common questions in The Forest Frequently 
>> Asked Questions: Experience.ElectricForestFestival.com  Please contact 
>> Festival Ticketing Support at 855-279-6941 for all issue regarding your 
>> purchase or for account troubleshooting.  Electric Forest is sold out. Lyte 
>> is the only HQ endorsed way to get passes now that it’s sold out.  To know 
>> when all things Electric Forest 2020 are happening sign up to the EF 
>> Newsletter.  Happy Forest!  
>
> This (or what it appears to be) is happening on an increasing number of mail 
> lists. It's not many but it's there. I don't know who is behind it or why, but 
> it's an increasing annoyance.
>
> This is a quick summary of what seems to be happening:
> (1) A legitimate company's or organisation's helpdesk email address is signed 
> up to a mail list like this one.
> (2) Every time someone posts to the list, they receive an automated 
> notification from the helpdesk.
> (3) On mail lists where DMARC mitigation is in effect, the notification comes 
> back to the mail list.
> (4) A consistent pattern is that the helpdesk staff seem utterly incapable of 
> unsubscribing themselves from the list. They always seem to need to be 
> unsubscribed by a list admin.
>
> The key question to my mind is how do these helpdesks get signed up at all? 
> Presumably it's not the helpdesk staff themselves signing them up. It would 
> appear that someone, somewhere has found a vulnerability in Mailman (as far 
> as I can recall I've only
> seen this on Mailman lists) and is intentionally signing up legitimate 
> company helpdesks to mail lists.
>
> Lists with an active admin/mod can fix the problem quickly by unsubscribing 
> the helpdesk.
>
> Is it an attempted (rather feeble) DoS on the mail lists affected, on the 
> concept of a mail list, or on the companies affected? I don't know. I can't 
> see any real point to it. But it's happening.
>
>
>
> -- 
> Mark Rousell


Re: idiot reponse

2020-02-26 Thread Mark Rousell
On 26/02/2020 16:24, Randy Bush wrote:
> act...@nanog.org seems to no longer exist.  how should i be whining
> about the following?
>
> From: Electric Forest Festival 
> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber 
> Suggestions
> To: ra...@psg.com
> Date: Wed, 26 Feb 2020 16:15:25 +
>
>   Electric Forest 2020 will take place on June 25-28, 2020.   Forest HQ has 
> received your email. Help save precious resources by reviewing the 
> information below and looking up common questions in The Forest Frequently 
> Asked Questions: Experience.ElectricForestFestival.com  Please contact 
> Festival Ticketing Support at 855-279-6941 for all issue regarding your 
> purchase or for account troubleshooting.  Electric Forest is sold out. Lyte 
> is the only HQ endorsed way to get passes now that it’s sold out.  To know 
> when all things Electric Forest 2020 are happening sign up to the EF 
> Newsletter.  Happy Forest!  

This (or what it appears to be) is happening on an increasing number of
mail lists. It's not many but it's there. I don't know who is behind it
or why, but it's an increasing annoyance.

This is a quick summary of what seems to be happening:
(1) A legitimate company's or organisation's helpdesk email address is
signed up to a mail list like this one.
(2) Every time someone posts to the list, they receive an automated
notification from the helpdesk.
(3) On mail lists where DMARC mitigation is in effect, the notification
comes back to the mail list.
(4) A consistent pattern is that the helpdesk staff seem utterly
incapable of unsubscribing themselves from the list. They always seem to
need to be unsubscribed by a list admin.

The key question to my mind is how do these helpdesks get signed up at
all? Presumably it's not the helpdesk staff themselves signing them up.
It would appear that someone, somewhere has found a vulnerability in
Mailman (as far as I can recall I've only seen this on Mailman lists)
and is intentionally signing up legitimate company helpdesks to mail lists.

Lists with an active admin/mod can fix the problem quickly by
unsubscribing the helpdesk.

Is it an attempted (rather feeble) DoS on the mail lists affected, on
the concept of a mail list, or on the companies affected? I don't know.
I can't see any real point to it. But it's happening.



-- 
Mark Rousell
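
The following is an added example, not part of the original message: a Python check a list operator could run on incoming posts to hold helpdesk acknowledgements like the one quoted above before they are redistributed. The function names, the subject heuristic and the sample addresses are assumptions made for this example; the `Auto-Submitted` test follows RFC 3834.

```python
import re
from email import message_from_string

# Heuristic chosen for this example; the first alternative matches the
# acknowledgement subject quoted in the thread.
ACK_SUBJECT = re.compile(
    r"has received your message|auto(?:matic)?[- ]?reply|out of office", re.I)

def auto_reply_reasons(raw):
    """Return the reasons a post looks like an automated response."""
    msg = message_from_string(raw)
    reasons = []
    # RFC 3834: any Auto-Submitted value other than "no" marks automation.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        reasons.append("Auto-Submitted: " + auto)
    prec = (msg.get("Precedence") or "").strip().lower()
    if prec in ("auto_reply", "bulk", "junk"):
        reasons.append("Precedence: " + prec)
    subject = " ".join((msg.get("Subject") or "").split())  # unfold header
    # An acknowledgement that wraps "Re: <list thread>" is step (3) above.
    if ACK_SUBJECT.search(subject) and re.search(r"\bre:", subject, re.I):
        reasons.append("acknowledgement subject wrapping a reply")
    return reasons

def disposition(raw):
    """Hold suspected auto-replies for a moderator instead of distributing."""
    return "hold" if auto_reply_reasons(raw) else "accept"

# Constructed samples; addresses are placeholders, subject 1 is from the thread.
HELPDESK_ACK = (
    "From: Helpdesk <helpdesk@example.com>\n"
    "Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber\n"
    " Suggestions\n\n"
    "Forest HQ has received your email.\n")
TAGGED_ACK = (
    "From: Support <support@example.org>\n"
    "Auto-Submitted: auto-replied\n"
    "Precedence: auto_reply\n"
    "Subject: Re: Hi-Rise Building Fiber Suggestions\n\nTicket opened.\n")
HUMAN_REPLY = (
    "From: Subscriber <subscriber@example.net>\n"
    "Subject: Re: Hi-Rise Building Fiber Suggestions\n\nConstructed reply.\n")

if __name__ == "__main__":
    for sample in (HELPDESK_ACK, TAGGED_ACK, HUMAN_REPLY):
        print(disposition(sample), auto_reply_reasons(sample))
```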



Re: idiot reponse

2020-02-26 Thread J. Hellenthal via NANOG
Wtf kinda one word response is that lol

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Feb 26, 2020, at 15:03, Selphie Keller  wrote:
> 
> 
> postfix =)
> 
> /^From: .*@electricforestfestival\.com/ DISCARD
> 
>> On Wed, 26 Feb 2020 at 09:54, Christopher Morrow  
>> wrote:
>> 
>> 
>>> On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett  wrote:
>>> I send to nanog-ow...@nanog.org, but I never hear back.
>>> 
>>> 
>> 
>> I had sent this privately but I thought/think: nanog-admin@
>> 
>> I could totally be wrong :)  




Re: idiot reponse

2020-02-26 Thread Selphie Keller
postfix =)

/^From: .*@electricforestfestival\.com/ DISCARD

On Wed, 26 Feb 2020 at 09:54, Christopher Morrow 
wrote:

>
>
> On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett  wrote:
>
>> I send to nanog-ow...@nanog.org, but I never hear back.
>>
>>
>>
> I had sent this privately but I thought/think: nanog-admin@
>
> I could totally be wrong :)
>


Re: idiot reponse

2020-02-26 Thread Christopher Morrow
On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett  wrote:

> I send to nanog-ow...@nanog.org, but I never hear back.
>
>
>
I had sent this privately but I thought/think: nanog-admin@

I could totally be wrong :)


Re: idiot reponse

2020-02-26 Thread Mike Hammett
I send to nanog-ow...@nanog.org, but I never hear back. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Randy Bush"  
To: "North American Network Operators' Group"  
Sent: Wednesday, February 26, 2020 10:24:03 AM 
Subject: idiot reponse 

act...@nanog.org seems to no longer exist. how should i be whining 
about the following? 

From: Electric Forest Festival  
Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber 
Suggestions 
To: ra...@psg.com 
Date: Wed, 26 Feb 2020 16:15:25 + 

Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has 
received your email. Help save precious resources by reviewing the information 
below and looking up common questions in The Forest Frequently Asked Questions: 
Experience.ElectricForestFestival.com Please contact Festival Ticketing Support 
at 855-279-6941 for all issue regarding your purchase or for account 
troubleshooting. Electric Forest is sold out. Lyte is the only HQ endorsed way 
to get passes now that it’s sold out. To know when all things Electric Forest 
2020 are happening sign up to the EF Newsletter. Happy Forest! 



idiot reponse

2020-02-26 Thread Randy Bush
act...@nanog.org seems to no longer exist.  how should i be whining
about the following?

From: Electric Forest Festival 
Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber 
Suggestions
To: ra...@psg.com
Date: Wed, 26 Feb 2020 16:15:25 +

  Electric Forest 2020 will take place on June 25-28, 2020.   Forest HQ has 
received your email. Help save precious resources by reviewing the information 
below and looking up common questions in The Forest Frequently Asked Questions: 
Experience.ElectricForestFestival.com  Please contact Festival Ticketing 
Support at 855-279-6941 for all issue regarding your purchase or for account 
troubleshooting.  Electric Forest is sold out. Lyte is the only HQ endorsed way 
to get passes now that it’s sold out.  To know when all things Electric Forest 
2020 are happening sign up to the EF Newsletter.  Happy Forest!