Full Disclosure mailing list archives
Re: Google creates SPAM haven
From: Volker Tanger <vtlists () wyae de>
Date: Sun, 12 Feb 2006 20:22:10 +0100
Adam Laurie <adam.laurie () thebunker net> wrote:
J.A. Terranson wrote:On Sat, 11 Feb 2006, Stan Bubrouski wrote: confirmation, >Google just blindly subscribes you when anyone requests it, I'm >assuming, since I didn't subscribe to any of the hacker or porn groups >I have to keep removing myself from.Errr... this is precisely my point. I'm not using google. Someone else is using google to spam me. Allowing automatic subscription of 3rd party addresses to public mailing lists goes against all best practice and set a very dangerous precedent, and they really should know better.
Well, non-verified mailing lists are prone to self-DoSing: if two or more of these lists accidentally subscribe to each other, they'd create an instant mailstorm, and the weakest server will give in first. "In the early days" (when mailing lists often were implemented with /etc/alias instead of software) this happened all too often. One mail address bouncing caused the bounce to appear back on the mailing list which caused the bounce's bounce to appear on the mailing list, which caused... Two or more (different) bounces caused a bounce avalance - and with the comparatively slow servers at that time (two-digit MHz - if you had a big iron) a DoS was not too far off. While bounce-handling of current software prevents BOUNCES to cause a mail storm, automated repliers (Out-of-Office messages - especially ill-configured or ill-designed ones) still cause grief for mailing list admins. I've seen a "multi-language" OoO accidentally DoSing a mailing list as that one sent out multiple messages for each mail coming in - one OoO-Reply for each of the three languages. Wheeee - mailstorm! If now mailing lists are accidentally cross-subscribed (which is not possible with most current double-opt-in mailing list software) you have the same problem. And with Google's server- and bandwidth-power such a mailstorm probably will be VERY bad, accecting quite a lot of the internet mail infrastructure, unless the lists are very small. *sigh* So no lesson was learnt in the last 10 years? Bye Volker -- Volker Tanger http://www.wyae.de/volker.tanger/ -------------------------------------------------- vtlists () wyae de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google creates SPAM haven Adam Laurie (Feb 11)
- Re: Google creates SPAM haven Stan Bubrouski (Feb 11)
- Re: Google creates SPAM haven Stan Bubrouski (Feb 11)
- Re: Google creates SPAM haven Valdis . Kletnieks (Feb 11)
- Re: Google creates SPAM haven Stan Bubrouski (Feb 11)
- Re: Google creates SPAM haven J.A. Terranson (Feb 11)
- Re: Google creates SPAM haven Niek (Feb 11)
- Re: Google creates SPAM haven Adam Laurie (Feb 12)
- Re: Google creates SPAM haven Volker Tanger (Feb 12)
- Re: Google creates SPAM haven Stan Bubrouski (Feb 11)
- Re: Google creates SPAM haven Stan Bubrouski (Feb 11)