Talking about spam and stuff..
Hmmsies.. $ cat /tmp/nanoglist | wc -l 2883 $ Ever since I subscribed to the list, I started to get spam. Which is strange, this email accounts gets (a) staff email, (b) nanog email. So a bit of snooping showed me that anyone can send the "who nanog" (or "which nanog", I cant remember which one, I just sent both :-) command to nanog@merit.edu and lo and behold, the subscriber list came back. So I'm asking the list admins to please disable the command, so spammers can't just grab a user list.. and also, for people who run large email lists, to consider doing the same. Adrian
On Tue, 18 Nov 1997, Adrian Chadd wrote: ) Ever since I subscribed to the list, I started to get spam. Which is ) strange, this email accounts gets (a) staff email, (b) nanog email. ) So a bit of snooping showed me that anyone can send the "who nanog" (or ) "which nanog", I cant remember which one, I just sent both :-) command ) to nanog@merit.edu and lo and behold, the subscriber list came back. ) ) So I'm asking the list admins to please disable the command, so spammers ) can't just grab a user list.. and also, for people who run large email ) lists, to consider doing the same. I've received several pieces of UCE that, when looking at the headers (via the h command in pine), appeared to be getting at me via this mailing list. One of them, sent just yesterday or the day before, was relayed to merit.edu via syr.edu, but syr.edu's mail transport agent didn't log the IP or true hostmask of the site it got the message from. So, I contacted postmaster@syr.edu and that person replied saying they had contacted the appropriate persons in regards to fixing it. To finish this, I think mayhaps it's a problem simply of having the list propogate UCE itself, not of having spammers getting the list recipients. -- Daniel Reed <n@narnia.n.ml.org> System administrator of narnia.n.ml.org (narnia.mhv.net [199.0.0.118]) Reality is a crutch for people who can't handle buttons...
On Nov 18, Adrian Chadd <adrian@ourworld.net> wrote:
Ever since I subscribed to the list, I started to get spam. Which is strange, this email accounts gets (a) staff email, (b) nanog email. So a bit of snooping showed me that anyone can send the "who nanog" (or "which nanog", I cant remember which one, I just sent both :-) command to nanog@merit.edu and lo and behold, the subscriber list came back.
So I'm asking the list admins to please disable the command, so spammers can't just grab a user list.. and also, for people who run large email lists, to consider doing the same.
Making things worse, nanog@merit.edu is still open for anybody to post to, even if you're not subscribed. Many complaints have been registered with the listowners, but for some reason they've all been ignored. ********************************************************* J.D. Falk voice: +1-650-482-2840 Supervisor, Network Operations fax: +1-650-482-2844 PRIORI NETWORKS, INC. http://www.priori.net "The People You Know. The People You Trust." *********************************************************
Making things worse, nanog@merit.edu is still open for anybody to post to, even if you're not subscribed. Many complaints have been registered with the listowners, but for some reason they've all been ignored.
We're not able to limit posts to subscribers, as that would cut out the many people who receive NANOG mail through exploders. --Susan Harris
On Mon, 17 Nov 1997, Susan R. Harris wrote:
Making things worse, nanog@merit.edu is still open for anybody to post to, even if you're not subscribed. Many complaints have been registered with the listowners, but for some reason
We're not able to limit posts to subscribers, as that would cut out the many people who receive NANOG mail through exploders. --Susan Harris
That's a bit of a cop-out. Majordomo has for some time had the ability to restrict posts to those addresses found in a list of files. Just add an additional file for those who wish to be able to reply but read via exploders. restrict_post = nanog:nanog-digest:nanog-exploder For the terminally lazy, just create a dummy list called nanog-exploder, make it moderated, and allow open subscription to it. Anyone who wants to read nanog via an exploder and be able to reply to nanog, or who wants to be able to reply from multiple addresses subscribes to nanog-exploder. This seems awfully simple...is there some drawback I've missed? ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
participants (5)
-
Adrian Chadd -
Daniel Reed -
J.D. Falk -
Jon Lewis -
Susan R. Harris