Message-ID: <20060212202210.4a1b853a.vtlists@wyae.de>
Date: Sun Feb 12 19:22:20 2006
From: vtlists at wyae.de (Volker Tanger)
Subject: Google creates SPAM haven

Adam Laurie <adam.laurie@...bunker.net> wrote:

> J.A. Terranson wrote:
> > On Sat, 11 Feb 2006, Stan Bubrouski wrote:
> > > confirmation, Google just blindly subscribes you when anyone
> > > requests it, I'm assuming, since I didn't subscribe to any of the
> > > hacker or porn groups I have to keep removing myself from.
> 
> Errr... this is precisely my point. I'm not using google. Someone else
> is using google to spam me.
> 
> Allowing automatic subscription of 3rd party addresses to public
> mailing lists goes against all best practice and sets a very dangerous
> precedent, and they really should know better.

Well, non-verified mailing lists are prone to self-DoSing: if two or
more of these lists accidentally subscribe to each other, they'd create
an instant mailstorm, and the weakest server will give in first.

"In the early days" (when mailing lists often were implemented with
/etc/alias instead of software) this happened all too often. One mail
address bouncing caused the bounce to appear back on the mailing list
which caused the bounce's bounce to appear on the mailing list, which
caused...

Two or more (different) bounces caused a bounce avalanche - and with the
comparatively slow servers at that time (two-digit MHz - if you had a
big iron) a DoS was not too far off.

While bounce-handling of current software prevents BOUNCES from causing a
mail storm, automated repliers (Out-of-Office messages - especially
ill-configured or ill-designed ones) still cause grief for mailing list
admins. I've seen a "multi-language" OoO accidentally DoSing a mailing
list as that one sent out multiple messages for each mail coming in -
one OoO-Reply for each of the three languages. Wheeee - mailstorm!

If now mailing lists are accidentally cross-subscribed (which is not
possible with most current double-opt-in mailing list software) you have
the same problem.

And with Google's server- and bandwidth-power such a mailstorm probably
will be VERY bad, affecting quite a lot of the internet mail
infrastructure, unless the lists are very small.

*sigh*

So no lesson was learnt in the last 10 years?

Bye

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@...e.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
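
The pre-distribution checks a list server can run against the bounce, auto-reply and cross-subscription loops described in the message above, as an added example that is not part of the original post. `LIST_ID`, `MAX_HOPS`, the function name and the sample messages are constructed assumptions, and refusing all `Precedence: list` mail is one possible policy, not a standard.

```python
from email import message_from_string
from email.utils import parseaddr

LIST_ID = "<demo.lists.example.org>"  # assumption: this list's own List-Id
MAX_HOPS = 25                         # assumption: Received-header ceiling

def should_distribute(raw_message, envelope_sender):
    """Return (ok, reason): may the list server fan this message out?"""
    msg = message_from_string(raw_message)
    # Bounces (DSNs) are sent with the null envelope sender "<>" (RFC 5321).
    if envelope_sender.strip() in ("", "<>"):
        return False, "null envelope sender (bounce)"
    local = parseaddr(envelope_sender)[1].split("@")[0].lower()
    if local in ("mailer-daemon", "postmaster"):
        return False, "sender is a mail system account"
    # RFC 3834: automatic responders (Out-of-Office) set Auto-Submitted.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "Auto-Submitted: " + auto
    # Older convention used by vacation programs and list software.
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return False, "Precedence marks automated or list mail"
    # Cross-subscription: our own List-Id coming back in means a loop.
    if any(LIST_ID in value for value in msg.get_all("List-Id", [])):
        return False, "message already passed through this list"
    if len(msg.get_all("Received", [])) > MAX_HOPS:
        return False, "too many Received headers"
    return True, "ok"

# Constructed sample messages (not taken from any real list).
HUMAN = "From: alice@example.com\nSubject: question\n\nHello list.\n"
VACATION = ("From: bob@example.com\nAuto-Submitted: auto-replied\n"
            "Subject: Out of office\n\nI am away.\n")
LOOPED = ("From: other-list@lists.example.net\n"
          "List-Id: Demo <demo.lists.example.org>\nSubject: fwd\n\nx\n")

if __name__ == "__main__":
    for name, raw, sender in [("human", HUMAN, "alice@example.com"),
                              ("vacation", VACATION, "bob@example.com"),
                              ("bounce", HUMAN, "<>"),
                              ("looped", LOOPED, "other-list@lists.example.net")]:
        print(name, should_distribute(raw, sender))
```

These checks only stop storms once mail is flowing; they do not replace confirmed (double-opt-in) subscription, which prevents the cross-subscription in the first place.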
