On 5 Oct 2008 at 11:11, Harold Fuchs wrote: > On 05/10/2008 08:39, mike scott wrote: > > (Everything snipped - can we put this subthread to rest please?) > > > > /IF/ a mailicious mail account has /everything/ forwarded to a target > > victim, there is no problem at all for the victim to unsubscribe the > > mailicious account from this list, even without any access to that > > malicious account. They do need to know the email address of the > > account. > > > > They just send an unsub email with that malicious address as sender. > > Because of the forwarding, they will receive the unsub confirmation > > request. They then reply to this. > > > > Job done. > > > > > I think that's right but what puzzles me is how to subscribe some else > in the first place. When one subscribes one receives the same sort of > "please confirm" message as one gets when one unsubscribes. So if *you* > tried to subscribe *me*, I'd get the "please confirm" message and just > wouldn't do it. Would someone please explain what I'm missing here?
You're missing that the bad guy sets up the intermediate account, subscribes it, and only /then/ sets up forwarding to the victim. -- Permission for this mail to be processed by any third party in connection with marketing or advertising purposes is hereby explicitly denied. http://www.scottsonline.org.uk lists incoming sites blocked because of spam [EMAIL PROTECTED] Mike Scott, Harlow, Essex, England --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
