Great Circle Associates List-Managers
(June 1998)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Problem with annoyance attacks
From: "Spencer Yost" <Spencer_Yost @ salemcarriers . com>
Date: Sat, 20 Jun 1998 09:19:29 -0400
To: list-managers @ GreatCircle . COM
In-reply-to: <v04011704b1b0d5537db3 @ [207 . 167 . 80 . 70]>
References: <v04011704b1b0d5537db3 @ [207 . 167 . 80 . 70]>

I have a user who has found a way to pester and annoy everyone on one of my
lists.  Basically, he simply takes every message and forwards the message
to a bogus user at another site (sites and names hidden to protect the
innocent).  The remote site bounces the message with "No such user" ,
ordinarily no problem, but the site incorrectly routes the error to the
sender of a message rather than the address in the errors-to header of the
message.

The consequence is, every time a subscriber posts to my list, they get this
error message sent to their email address.  As you can imagine, this upsets
the subscribers immensely.   I currently am trying to isolate the address
doing this forwarding, by trying to sync maillog times and the times the
error message returns, but have not had any luck(over a thousand
subscribers and this method only narrows it down to two hundred or so).

I have band-aided the problem by having the remote system admin add the
user so it is no longer bogus, but obviously it is only a matter of time
before he picks a new address and does the same thing again.  Does anyone
have a suggestion or war story that help me isolate the weasel?  Some ideas
come to mind, like sending sequenced mail that impersonates list mail to
each of the two hundred possible subscribers mentioned above and then
watching to see which sequence number returns.   I don't know how to go
about doing that (or how ethical it is) though.

Thanks in advance,

Spencer Yost
Owner, ATIS
Plow the Net!
http://www.atis.net


Follow-Ups:
References:
Indexed By Date Previous: Re: Pentium II Xeon Processor - Product Launch Briefing
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Next: Problem with annoyance attacks
From: Mike Nolan <nolan @ celery . tssi . com>
Indexed By Thread Previous: Re: Pentium II Xeon Processor - Product Launch Briefing
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Next: Re: Problem with annoyance attacks
From: Lazlo Nibble <lazlo @ swcp . com>

Google
 
Search Internet Search www.greatcircle.com