On 10/04/2008 09:01 PM, Barbara Duprey wrote:
> comments inline...

As are mine.

>
> NoOp wrote:
>> On 10/04/2008 04:35 PM, Barbara Duprey wrote:
>>
>>
>>> In a related post, I asked what people thought about just eliminating
>>> the "goodbye" confirmation. I don't think malicious unsubscribes are
>>> either likely or particularly harmful, and it would be much easier to
>>> deal with malicious subscribes. The unsubscribe process could send a
>>> message, but not require response, and that would mean that once the
>>> subscription account was known, anybody could do the unsubscribe. So
>>> when we got one of these "please unsubscribe me" posts, we could just do
>>> it, or tell an apparently unsubscribed OP to look at a full message
>>> header to identify the subscriber, then use the
>>> [EMAIL PROTECTED] to unsubscribe. Haven't
>>> heard any response to that idea yet.
>>>
>>
>> I think that is not a good idea. Without the "goodbye" confirmation
>> anyone could possibly unsubscribe you, or anyone else on the list.
>>
>
> Understood, and it would be annoying, but not really harmful. An
> unwanted subscription (or a bunch of them), however, can cause real
> difficulty. Maybe the technique mentioned earlier here (defining a mimic
> account to the offender's on the victim's email client, sending an
> unsubscribe, and confirming it as if from the offending subscribed
> account) will work, and maybe not. If not, it appears to be very
> difficult to unsubscribe because the victim does not have access to the
> subscribed account to confirm the unsubscribe.

Actually it would be more than annoying and create havoc across this
mail list.

>> Malicious subscribes can only occur if someone has control of an account
>> and can respond to the "you have subscribed" confirmation email. If
>> someone has control of the email account and is using it to subscribe it
>> to mailing lists it is already too late; the email account has been
>> already compromised, and should be discarded or the user should have the
>> email account password reset & monitored by the email account provider.
>>
> The situation we're dealing with here is that someone created an actual
> gmail account and used it to subscribe to a number of lists, providing
> any required confirmations, and then redirected all incoming traffic to
> the chosen target, whose mail is now filling up and interfering with his
> business. The target email account was not itself compromised, and the
> problem account is still out there with the guilty party apparently
> frequently changing the password. No special knowledge of the target
> account was needed, just its mailto name.

The fact that Chuck has someone that is forwarding emails from this list
to his sbcglobal.net account is not the problem of the users on this
list. It's a problem with him and whoever maliciously is forwarding the
emails to him.

It is however a problem of the list manager in that it has never been
easy to communicate with a live person/moderator/manager of this list.
For instance; there is _no_ obvious address/person/email that even we,
as valid subscribers to this list, can write to to complain about a
Chuck. Yes, we can also try to view the mailing list pages for some
contact information but in the end we'll not find one - I've not, and
I've been on this list since 2007 (I think). Luckily I use gmane for
this and many, many other lists, and wonder why anyone still would use
an actual email list subscription when they can use a gmane or other
nntp newsreader subscription instead.

[snips]

>>
>> 1. First off he should take the issue to the provider of the
>> [EMAIL PROTECTED] account (Google) and file an abuse request that
>> all email from that account stop forwarding to his sbcglobal account.
>>
>
> Yes, and he's been advised of this. Don't know if he's done it, or how
> responsive Google is to this kind of request.
>> 2. He should simply log into his AT&T (sbcglobal.net) account and
>> blacklist [EMAIL PROTECTED] and and tag [EMAIL PROTECTED]
>> as spam. Note my posting address; I have an sbcglobal.net account so I
>> know how easy it is to block emails from any particular email address.
>>
>
> His initial description of the problem didn't mention the gmail account;
> I'm not sure if this is a true forwarding, with the sender clearly
> identified, or if the sender appears to be the list because of the way
> Google handles list traffic. Maybe somebody who uses gmail can respond
> with more info here. In any case, though, what about people who have to
> pay by the message? Doesn't the message still get transmitted and have
> to be paid for, even if it is immediately discarded? (I know that's not
> the case with sbcglobal.net, but it could happen to somebody else.)

Again, it doesn't matter from this list perspective. Chuck should have
just used the tools provided to him by his ISP to block any further
emails from this list and the [EMAIL PROTECTED] account. We are not
responsible for the ignorance of someone that does not use the tools
provided by their ISP to block unwanted email.

Chuck stated "this emailer where I have been forwarded hundreds of
lists" and I initially took that to mean that he's been subscribed to
hundreds of mail lists. A Google on Chuck seems to indicate that he
probably meant that he's received hundreds of emails from this list. If
that is the case, then again, he easily could have used the tools that
his ISP provides to him to block/delete the unwanted messages.

[snip]

>
> His sbcglobal.net account was not subscribed. All his messages went
> through "moderator for [email protected]" -- attempting to
> unsubscribe that just got a message that it wasn't subscribed and
> therefore couldn't be unsubscribed. I do kind of wonder why the
> moderator let so many through, though.

Good point. Now can you find the information to complain to the list
moderator/administrator... If you can I'll give you a gold star :-)

The point boils down to the fact that none of us, many have been here
for quite some time, even know how to complain regarding our own list.
It's a double-edged sword; there seems to be no [EMAIL PROTECTED] type
of address for those on the list to report a Chuck (or others of
recent), nor is there any such address for the Chucks of the world that
have a problem with the OOo list and can't seem to get out of the loop.

I seem to recall some logged issues regarding this but can't recall the
issue numbers. I'm sure that if you search the list for similar posts
we'll find previous posts by me, you, others regarding this same issue.
We'll also not find someone from OOo that has ever stepped up and waved
a hand saying "I'm the person responsible for this list - if you have
problems contact me, and by the way, my project page is..."

Perhaps it's just time to get mad and demand that OOo provide a single
contact for this list. It's the largest and most obvious list on OOo for
both experienced and new users alike. Example:

http://www.openoffice.org/
http://support.openoffice.org/index.html

Users Mail List (Subscribe / Archives)
OpenOffice.org Project community support provided by a network of
hundreds of experienced users. You must be subscribed to post messages.

Reminding users on this list that it was/is our desire to have posters
subscribe... but who was the fool that created that link without linking
first to a web page describing the lists, the fact that the subscriber
will receive emails from this list etc., etc?

The rest of your response is appreciated, but snipped.

It is _not_ advisable to have _any_ standard mail list forgo the
appropriate subscribe and unsubscribe checks that have been proven to be
effective over time.
Those checks and balances have been put in place for a reason; one
reason is the malicious subscribe and unsubscribe of list users.
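
The "goodbye" confirmation debated in this thread, sketched as an added example; it is not code from this list's software or from either poster. The `MailingList` class, the secret, the token layout and the expiry time are assumptions made for illustration: with the confirmation on, a removal request only takes effect when the cookie mailed to the subscribed address comes back, and with it off, knowing the address is enough.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: per-list secret kept on the list server
TOKEN_TTL = 3 * 24 * 3600         # assumption: a confirmation expires after three days


def make_token(action, address, issued_at):
    """Cookie mailed to the subscribed address; binds action, address and time."""
    msg = f"{action}|{address.lower()}|{issued_at}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]
    return f"{issued_at}.{mac}"


def token_valid(action, address, token, now):
    try:
        issued_at = int(token.split(".", 1)[0])
    except ValueError:
        return False
    if not 0 <= now - issued_at <= TOKEN_TTL:
        return False  # stale or future-dated cookie
    return hmac.compare_digest(make_token(action, address, issued_at), token)


class MailingList:
    def __init__(self, require_goodbye_confirmation=True):
        self.subscribers = set()
        self.require_confirmation = require_goodbye_confirmation
        self.outbox = []  # (recipient, token) pairs standing in for sent mail

    def request_unsubscribe(self, address, now):
        address = address.lower()
        if address not in self.subscribers:
            return "not subscribed"
        if not self.require_confirmation:
            # No goodbye step: whoever names the address removes it.
            self.subscribers.discard(address)
            return "removed"
        # The cookie goes only to the subscribed address, never to the requester.
        self.outbox.append((address, make_token("unsub", address, now)))
        return "confirmation sent"

    def confirm_unsubscribe(self, address, token, now):
        address = address.lower()
        if address in self.subscribers and token_valid("unsub", address, token, now):
            self.subscribers.discard(address)
            return "removed"
        return "rejected"
```
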
