action@nanog.org seems to no longer exist. how should i be whining about the following? From: Electric Forest Festival <info@electricforestfestival.com> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions To: randy@psg.com Date: Wed, 26 Feb 2020 16:15:25 +0000 Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out. Lyte is the only HQ endorsed way to get passes now that it’s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!
I send to nanog-owner@nanog.org, but I never hear back. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Randy Bush" <randy@psg.com> To: "North American Network Operators' Group" <nanog@nanog.org> Sent: Wednesday, February 26, 2020 10:24:03 AM Subject: idiot reponse action@nanog.org seems to no longer exist. how should i be whining about the following? From: Electric Forest Festival <info@electricforestfestival.com> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions To: randy@psg.com Date: Wed, 26 Feb 2020 16:15:25 +0000 Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out. Lyte is the only HQ endorsed way to get passes now that it’s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!
postfix =) /^From: .*@electricforestfestival\.com/ DISCARD On Wed, 26 Feb 2020 at 09:54, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett <nanog@ics-il.net> wrote:
I send to nanog-owner@nanog.org, but I never hear back.
I had sent this privately but I thought/think: nanog-admin@
I could totally be wrong :)
Wtf kinda one word response is that lol -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Feb 26, 2020, at 15:03, Selphie Keller <selphie.keller@gmail.com> wrote:
postfix =)
/^From: .*@electricforestfestival\.com/ DISCARD
On Wed, 26 Feb 2020 at 09:54, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett <nanog@ics-il.net> wrote: I send to nanog-owner@nanog.org, but I never hear back.
I had sent this privately but I thought/think: nanog-admin@
I could totally be wrong :)
On Wed, Feb 26, 2020 at 4:15 PM J. Hellenthal via NANOG <nanog@nanog.org> wrote:
Wtf kinda one word response is that lol
You missed the *very* important second line of the response, which makes the first, one-word line meaningful. Go back and read it again. ;) Matt
-- J. Hellenthal
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Feb 26, 2020, at 15:03, Selphie Keller <selphie.keller@gmail.com> wrote:
postfix =)
/^From: .*@electricforestfestival\.com/ DISCARD
On Wed, 26 Feb 2020 at 09:54, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett <nanog@ics-il.net> wrote:
I send to nanog-owner@nanog.org, but I never hear back.
I had sent this privately but I thought/think: nanog-admin@
I could totally be wrong :)
On 26/02/2020 16:24, Randy Bush wrote:
action@nanog.org seems to no longer exist. how should i be whining about the following?
From: Electric Forest Festival <info@electricforestfestival.com> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions To: randy@psg.com Date: Wed, 26 Feb 2020 16:15:25 +0000
Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out. Lyte is the only HQ endorsed way to get passes now that it’s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!
This (or what it appears to be) is happening on an increasing number of mail lists. It's not many but it's there I don't know who is behind it or why, but it's an increasing annoyance. This is a quick summary of what seems to be happening: (1) A legitimate company's or organisation's helpdesk email address is signed up to a mail list like this one. (2) Every time someone posts to the list, they receive an automated notification from the helpdesk. (3) On mail lists where DMARC mitigation is in effect, the notification comes back to the mail list. (4) A consistent pattern is that the helpdesk staff seem utterly incapable of unsubscribing themselves from the list. They always seem to need to be unsubscribed by a list admin. The key question to my mind is how do these helpdesks get signed up at all? Presumably it's not the helpdesk staff themselves signing them up. It would appear that someone, somewhere has found a vulnerability in Mailman (as far as I can recall I've only seen this on Mailman lists) and is intentionally signing up legitimate company helpdesks to mail lists. Lists with an active admin/mod can fix the problem quickly by unsubscribing the helpdesk. Is it an attempted (rather feeble) DoS on the mail lists affected, on the concept of a mail list, or on the companies affected? I don't know. I can't see any real point to it. But it's happening. -- Mark Rousell
I've also seen employees leaving companies and their addresses being rerouted to the support mailbox. -- Patrick Am 27.02.2020 um 01:25 schrieb Mark Rousell:
On 26/02/2020 16:24, Randy Bush wrote:
action@nanog.org seems to no longer exist. how should i be whining about the following?
From: Electric Forest Festival <info@electricforestfestival.com> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions To: randy@psg.com Date: Wed, 26 Feb 2020 16:15:25 +0000
Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out. Lyte is the only HQ endorsed way to get passes now that it’s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!
This (or what it appears to be) is happening on an increasing number of mail lists. It's not many but it's there I don't know who is behind it or why, but it's an increasing annoyance.
This is a quick summary of what seems to be happening: (1) A legitimate company's or organisation's helpdesk email address is signed up to a mail list like this one. (2) Every time someone posts to the list, they receive an automated notification from the helpdesk. (3) On mail lists where DMARC mitigation is in effect, the notification comes back to the mail list. (4) A consistent pattern is that the helpdesk staff seem utterly incapable of unsubscribing themselves from the list. They always seem to need to be unsubscribed by a list admin.
The key question to my mind is how do these helpdesks get signed up at all? Presumably it's not the helpdesk staff themselves signing them up. It would appear that someone, somewhere has found a vulnerability in Mailman (as far as I can recall I've only seen this on Mailman lists) and is intentionally signing up legitimate company helpdesks to mail lists.
Lists with an active admin/mod can fix the problem quickly by unsubscribing the helpdesk.
Is it an attempted (rather feeble) DoS on the mail lists affected, on the concept of a mail list, or on the companies affected? I don't know. I can't see any real point to it. But it's happening.
-- Mark Rousell
On Thu, Feb 27, 2020 at 12:25:27AM +0000, Mark Rousell wrote:
This (or what it appears to be) is happening on an increasing number of mail lists. It's not many but it's there I don't know who is behind it or why, but it's an increasing annoyance.
There is a partial fix for this, at least for anyone using Mailman to run their lists (e.g., nanog): Set Mailman so that all new subscribers are moderated by default. Either new subscriber X will one day send real content to the list or they won't. If it's the latter, then it is very simple to use Mailman's interface to simultaneously (a) approve the message for distribution and (b) clear their moderation flag. If it's the former, then the message will only be seen by the list-owners and won't bother everyone on the list. [1] This doesn't help with copies that are sent directly to list-members, however. The fix for that is for responsible list owners (a) to be available at the -owner address (per RFC 2142 and decades of best practices) so that they can field problem reports and (b) to use Mailman to (a) unsubscribe the errant address and (b) ban it. I'd also recommend that they (c) publicly announce such actions with an "administrivia" Subject line on-list so that list members can take corresponding actions in their own mail systems. If nanog-owner isn't responding then that's a serious lapse and needs to be corrected immediately. Doing so is a fundamental part of basic mailing list administration. I'd also strongly recommend that list-owners have Mailman configured to notify them of all subscribe/unsubscribe events and/or to require manual list-owner approval for subscriptions. Interposing human beings in the process doesn't solve this problem but it provides the opportunity to detect and quash it early on. ---rsk [1] Note that this is also a partial defense against accounts which are hijacked and turned into bots. Given that -- on most mailing lists and especially on large ones -- the overwhelming majority of subscribers will *never* send any traffic, nothing is lost by doing this. But on the day when an account is hijacked and suddenly starts sending large amounts of traffic, none of of it will get through to the mailing list.
participants (9)
-
Christopher Morrow -
J. Hellenthal -
Mark Rousell -
Matthew Petach -
Mike Hammett -
Patrick Schultz -
Randy Bush -
Rich Kulawiec -
Selphie Keller