nanog mailing list archives

Re: idiot reponse

From: Patrick Schultz <lists-nanog () schultz top>
Date: Thu, 27 Feb 2020 01:30:16 +0100

I've also seen employees leaving companies and their addresses being rerouted to the support mailbox.

-- 
Patrick

Am 27.02.2020 um 01:25 schrieb Mark Rousell:

On 26/02/2020 16:24, Randy Bush wrote:

action () nanog org seems to no longer exist.  how should i be whining
about the following?

From: Electric Forest Festival <info () electricforestfestival com>
Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions
To: randy () psg com
Date: Wed, 26 Feb 2020 16:15:25 +0000

  Electric Forest 2020 will take place on June 25-28, 2020.   Forest HQ has received your email. Help save precious 
resources by reviewing the information below and looking up common questions in The Forest Frequently Asked 
Questions: Experience.ElectricForestFestival.com  Please contact Festival Ticketing Support at 855-279-6941 for all 
issue regarding your purchase or for account troubleshooting.  Electric Forest is sold out. Lyte is the only HQ 
endorsed way to get passes now that it’s sold out.  To know when all things Electric Forest 2020 are happening sign 
up to the EF Newsletter.  Happy Forest!


This (or what it appears to be) is happening on an increasing number of mail lists. It's not many but it's there I 
don't know who is behind it or why, but it's an increasing annoyance.

This is a quick summary of what seems to be happening:
(1) A legitimate company's or organisation's helpdesk email address is signed up to a mail list like this one.
(2) Every time someone posts to the list, they receive an automated notification from the helpdesk.
(3) On mail lists where DMARC mitigation is in effect, the notification comes back to the mail list.
(4) A consistent pattern is that the helpdesk staff seem utterly incapable of unsubscribing themselves from the list. 
They always seem to need to be unsubscribed by a list admin.

The key question to my mind is how do these helpdesks get signed up at all? Presumably it's not the helpdesk staff 
themselves signing them up. It would appear that someone, somewhere has found a vulnerability in Mailman (as far as I 
can recall I've only
seen this on Mailman lists) and is intentionally signing up legitimate company helpdesks to mail lists.

Lists with an active admin/mod can fix the problem quickly by unsubscribing the helpdesk.

Is it an attempted (rather feeble) DoS on the mail lists affected, on the concept of a mail list, or on the companies 
affected? I don't know. I can't see any real point to it. But it's happening.



-- 
Mark Rousell

Current thread:

idiot reponse Randy Bush (Feb 26)
- Re: idiot reponse Mike Hammett (Feb 26)
  - Re: idiot reponse Christopher Morrow (Feb 26)
    - Re: idiot reponse Selphie Keller (Feb 26)
    - Re: idiot reponse J. Hellenthal via NANOG (Feb 26)
    - Re: idiot reponse Matthew Petach (Feb 26)
- Re: idiot reponse Mark Rousell (Feb 26)
  - Re: idiot reponse Patrick Schultz (Feb 26)
    - Re: idiot reponse Mark Rousell (Feb 26)
  - Re: idiot reponse Rich Kulawiec (Feb 27)