Harold Fuchs wrote:
On 07/10/2008 10:10, mike scott wrote:
<snip>
Google (& I've not checked) almost certainly have T&C's that say no misuse of their system is allowed - if this isn't misuse, I don't know what is! They could (should?) simply shut down the offending account completely.
Here I agree. But did anyone ask Google? As far as I know the attack was stopped by the mediators of this list.
According to Chuck Evans, he has tried communicating with Google numerous times, but I don't know to whose attention or what he said. The attack has apparently not stopped; he's still complaining here. The moderators of this list unsubbed another person, Kaye Evans (apparently unrelated) for spamming, and s/he was reported to the Earthlink ISP on which the account was hosted. The unsub was what was requested in the first place, so that was probably a desirable outcome for Kaye, but being reported to Earthlink probably was not.
<snip>

Sorry to be pedantic but this is exactly where the confusion lay in my mind. You have now clarified it by saying the victim can *either*
- masquerade as the attacker by setting up a "fake" (mimic?) e-mail account using the attacker's e-mail address *or*
- use the "=" form of the ezmlm unsubscribe request.

Do *both* of those work? Nobody before has clearly stated that; previous commentators left that hanging, which is why I asked.

The indirect unsubscribe, sent from any account, is a way to get a goodbye confirmation message to go to the subscribed account (the gmail one in Chuck's case), which then *might* be forwarded to the victim. A normal unsubscribe sent from the fake (mimic) account would do the same thing. But the mimic account really came into play in responding to that confirmation message. If the goodbye confirmation had to come from the subscribed account, it would have to come from the mimic to succeed. Later experiments showed that for this list, the response could come from any account; there's a "magic cookie" in the message that is all ezmlm cares about.


<snip>
