On 05/10/2008 12:43, Harold Fuchs wrote:
On 05/10/2008 11:58, Rob Clement wrote:
Harold Fuchs wrote:
On 05/10/2008 08:39, mike scott wrote:
(Everything snipped - can we put this subthread to rest please?)
/IF/ a mailicious mail account has /everything/ forwarded to a
target victim, there is no problem at all for the victim to
unsubscribe the mailicious account from this list, even without any
access to that malicious account. They do need to know the email
address of the account.
They just send an unsub email with that malicious address as
sender. Because of the forwarding, they will receive the unsub
confirmation request. They then reply to this.
Job done.
I think that's right but what puzzles me is how to subscribe some
else in the first place. When one subscribes one receives the same
sort of "please confirm" message as one gets when one unsubscribes.
So if *you* tried to subscribe *me*, I'd get the "please confirm"
message and just wouldn't do it. Would someone please explain what
I'm missing here?
Harold
If you look at the thread, someone created a gmail account with this
person's name. This someone then registered with [email protected]
to get all the e-mails to gmail and then forwarded the e-mails from
gmail to his other address.
".. his other address" ??? I think you meant the victim's address ???
Ah. If I forward this list's mail to someone then that person can't do
anything about it. Unsubscribing won't help because the person
wouldn't be subscribed; may never even have heard of OpenOffice.org.
This list won't know anything about the person.
What confuses me is that you have to agree to receive e-mail at the
non-gmail address,
Do you? How come? I can set a filter in Thunderbird to forward mail
somewhere. I don't think the "somewhere" has any say in the matter. I
think I can do the same from gmail. And it wouldn't have to be a
"non-gmail" address.
so either it is seomone close to him or he has been very careless.
I don't think either of those is right. I think all the perpetrator
needs to know is the victim's "real" e-mail address. I think the
victim of this is actually powerless to prevent it. I think the only
thing the victim can do is set up a filter to delete the unwanted
traffic. Please prove me wrong.
I hope that helps
Rob
Whoops. No. The victim *can*, I think, "unsubscribe" using Mike Scott's
procedure described above. Sorry.
So, to summarise, I think the victim can't prevent the attack but can
cure it.
--
Harold Fuchs
London, England
Please reply *only* to [email protected]
