Technical: about false unsubscribe attempts (Re: Unsubscription amusement)
Bernhard E. Reiter
bernhard at fsfe.org
Mon May 6 10:11:44 UTC 2019
Hi Paul,
Am Montag 06 Mai 2019 10:00:06 schrieb Paul Sutton:
> Now I am getting unauthorized attempts to remove me from the fsfe.org list
> What exactly is going on here please.
technically: Anyone can use the mailman interface to request
an unsubscribe event for a specific mail address. Mailman then sends a
confirmation email which can be ignored. This is a quite common mechanism,
to make it easy for people that want to unsubscribe. It works with many
internet offerings.
If it wasn't you that initiated the unsubscription event, it was somebody
else. The mailman system can only record the IP address of the requesting
server, and thus include it in the confirmation email. From the reports here
and my own experience, we have a number of people being affected. So this
likely is a scripted attempt to impersonate people by their email address.
For normal internet providers, this is against their terms of service.
Therefor a friendly abuse complaint to the service provider of the IP
originating false request maybe a next step if the person behind the script
does not reconsider.
Another step is to try to block temporarily from our server side if many
unsubscribe events originate from the same IP, as this is a sign of malice.
As far as I know this is already being done, but the script seems to get
started from several different IP addresses.
Best Regards,
Bernhard
--
FSFE -- Founding Member Support our work for Free Software:
blogs.fsfe.org/bernhard https://fsfe.org/donate | contribute
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fsfe.org/pipermail/discussion/attachments/20190506/296841a9/attachment-0001.sig>
More information about the Discussion
mailing list