Technical: about false unsubscribe attempts (Re: Unsubscription amusement)

Mon May 6 10:11:44 UTC 2019

Hi Paul,

Am Montag 06 Mai 2019 10:00:06 schrieb Paul Sutton:
> Now I am getting unauthorized attempts to remove me from the fsfe.org list
> What exactly is going on here please.

technically: Anyone can use the mailman interface to request
an unsubscribe event for a specific mail address. Mailman then sends a 
confirmation email which can be ignored. This is a quite common mechanism,
to make it easy for people that want to unsubscribe. It works with many
internet offerings.

If it wasn't you that initiated the unsubscription event, it was somebody 
else. The mailman system can only record the IP address of the requesting 
server, and thus include it in the confirmation email. From the reports here 
and my own experience, we have a number of people being affected. So this 
likely is a scripted attempt to impersonate people by their email address.

For normal internet providers, this is against their terms of service. 
Therefor a friendly abuse complaint to the service provider of the IP 
originating false request maybe a next step if the person behind the script 
does not reconsider. 

Another step is to try to block temporarily from our server side if many 
unsubscribe events originate from the same IP, as this is a sign of malice.
As far as I know this is already being done, but the script seems to get 
started from several different IP addresses.

Best Regards,
Bernhard

-- 
FSFE -- Founding Member     Support our work for Free Software: 
blogs.fsfe.org/bernhard     https://fsfe.org/donate | contribute
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fsfe.org/pipermail/discussion/attachments/20190506/296841a9/attachment-0001.sig>