Vulnerability Development mailing list archives
Re: Unsubscribe DoS
From: "John Dow" <jmd () nelefa org>
Date: Sat, 21 Dec 2002 09:48:51 -0000
----- Original Message ----- From: "Arnold, Jamie" <harnold () binghamton edu> To: "'Frank Knobbe'" <frank () knobbe us>; <vuln-dev () securityfocus com> Sent: Saturday, December 21, 2002 12:19 AM Subject: RE: Unsubscribe DoS
Many of these "unsubscribe" urls are just a way of verifying that the
address is a valid one. Probes, of a sort.
Indeed - ever noticed how spammers offering "verified" email addresses charge more for their mailing lists? It's a quandry we're in at the moment - the company I work for (we build and host websites) have some custom written software for mailing visitors to sites who have double opted in to mailing lists run by the sites, but even with this double opt in there are always people who have forgotten they've done it and want off the list. We provide an unsubscribe link (which does what it's supposed to) but also add an X-Header that is a message from the systems team saying "We're trying to do this as responsibly as possible, etc etc". I don't like being involved in this, but there given there isn't much I can do about it, I'm at least trying to do it as responsibly as possible. J -- John Dow http://www.nelefa.org http://www.miserable-bastard.com
Current thread:
- Unsubscribe DoS Frank Knobbe (Dec 20)
- <Possible follow-ups>
- RE: Unsubscribe DoS Arnold, Jamie (Dec 20)
- Re: Unsubscribe DoS John Dow (Dec 22)