Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unsubscribe DoS

From: "John Dow" <jmd () nelefa org>
Date: Sat, 21 Dec 2002 09:48:51 -0000
----- Original Message -----
From: "Arnold, Jamie" <harnold () binghamton edu>
To: "'Frank Knobbe'" <frank () knobbe us>; <vuln-dev () securityfocus com>
Sent: Saturday, December 21, 2002 12:19 AM
Subject: RE: Unsubscribe DoS



Many of these "unsubscribe" urls are just a way of verifying that the

email

address is a valid one.  Probes, of a sort.


Indeed - ever noticed how spammers offering "verified" email addresses
charge more for their mailing lists?

It's a quandry we're in at the moment - the company I work for (we build and
host websites) have some custom written software for mailing visitors to
sites who have double opted in to mailing lists run by the sites, but even
with this double opt in there are always people who have forgotten they've
done it and want off the list. We provide an unsubscribe link (which does
what it's supposed to) but also add an X-Header that is a message from the
systems team saying "We're trying to do this as responsibly as possible, etc
etc".

I don't like being involved in this, but there given there isn't much I can
do about it, I'm at least trying to do it as responsibly as possible.

J

--
John Dow
http://www.nelefa.org
http://www.miserable-bastard.com
Previous By Date Next
Previous By Thread Next

Current thread: