Re: Anyone from instagram reading?

[Mike Hammett <nanog () ics-il net>]

Mailops? 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: bzs () theworld com 
To: nanog () nanog org 
Cc: bzs () theworld com, abuse () instagram com 
Sent: Wednesday, December 2, 2020 1:03:13 PM 
Subject: Anyone from instagram reading? 


Instagram is enabling an harassment attack. 

They are sending out "change in terms of use" statements, you've 
probably received it. 

Apparently they will send them to unconfirmed accounts, en masse. 

So for example you own example.com and all email for *@example.com 
goes to you. 

And there are no legitimate email accounts for that domain so can't 
possibly be confirmed accounts. 

So you are receiving a firehose of "terms of use" emails to 
randomstring () example com apparently being generated by a script, 
random+domain@domain like (from the actual emails tho not 
example.com): 

qiuncjhuxeexample () example com 
mazhjkmthexample () example com 

and so on and so on, each one different. 

SOLUTION: Stop sending your terms of use update messages to 
unconfirmed accounts. It's a trivially abused harassment vector as 
we're seeing. 

-- 
-Barry Shein 

Software Tool & Die | bzs () TheWorld com | http://www.TheWorld.com 
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD 
The World: Since 1989 | A Public Information Utility | *oo*