Slashdot Mirror
Looping E-mails Beat The Net Down
Staili writes "Singapore-based women's magazine caused problems when it forwarded its mails to a large list of recipients, mainly mailing lists. In addition to security@suse.com, some help and subscribe lists were included; the type of addresses that tend to send out an automatic reply confirming receipt. And the loop was ready." I'm sure anyone who's messed with mail enough
has accidentally created a loop or two in their day, but this is really
slimey.
If a "solved" problem like email actually brought the net down... for a while. How do you get patches for a sendmail program without using the internet?
I demand a million helicopters and a DOLLAR!
I remember an artical on /. about the blocking of Asian emails (mostly b/c of spam), and this mentions a Singapore-based magazine. Is it really time to consider the firewalling of certain asian email though we have to remember that many western businesses do business w/ eastern companies. If we let some isps through spammers will just route through them.
Carpe meam simiam!
My question is: Is it normal for a server to strip the headers from e-mails...
FROM THE ARTICLE: ["At savoixmagazine.com the mail headers were cut so it was almost impossible to find out where the mail originated from," said Drahtmuller. The everyday analogy is a letter stripped of its envelope that had the original return address printed on it, repackaged in a new envelope with a different return address, and forwarded on. "Usually mail loops like this are not possible with Unix systems because they always maintain the headers," he added.]
I'm not a e-mail expert, but why where those headers missing? (I did not see any reason given in the article.)
Accentuate the positive, don't waste your mod points on the negative.
I'm guessing that's the magazine's view of us, anyway. (-:
Got time? Spend some of it coding or testing
Yep, I've seen this before, it happened with two web.de mail accounts which had both set up reply messages that the mail had arrived and guess what happened ... but i think they've done something against it, at least i hope it!
Life sucks.
And for anyone who thinks that email is a "solved" problem, should read my rant about broken autoresponders. (which is not about loops, but does cover how "solved" things can be broken).
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
This happens at my job all the time, and I assume it happens other places with internal mail servers.
Management sends out a promotion announcement or some such to everyone, those on vacation autoreply...To ALL recepients. And the war is on!
I think enough people slapped management that they finally started using BCC. But sometimes someone new comes and they forget.
of Dante's inferno would recieving an endless loop of tips on "How to please your man" fall under?
back when i was a freshman in college someone managed to assemble an email list of all the students/faculty/staff. It was first used by someone outside the school to spam the entire campus, with all the addresses in the To and Cc fields, making the list available to anyone who received it. So someone attempted to sell their Chem Eng books, and you can picture the hell that broke out.
Quickly the list became nothing but people hitting reply-all and saying "knock it off!" and "get me off the list!" Of course, all those emails and addresses in the emails meant trouble for the mail server, causing mail to get delivered multiple times and DOS'ing normal mail.
It got so bad that I had about 100 emails in a five minute span at one point. It took a Dean's sending out an email to an announcements list pointing out school policy on mass mailings to stop it.
Thankfully, everyone from those trying to sell stuff to those saying "quit it!" all had to write a 500-word essay about why what they did was wrong.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
This has happened 4 or 5 times to me in teh last few weeks...
When I decided to create a mailing list, I kept the list of address in a BCC field, in an address book entry on my computer. There's no way for anyone besides me to mail everyone. If mail bounces it just comes back to my address.
Why would anyone make a list that bounces all replies back to the entire list again? It doesn't say if this was the first time they tried using the list or not, but I would figure it if was set up to do that once, it would have done it before. I mean, addresses on my list are constantly falling out of service, and I'd hate for everyone else to get all the "could not deliver" notices and the like. I find it a little hard to believe that someone would set something up like that as an accident.
My Webcomic: Asylum on 5th Street
Oh man, this is just hilarious:
When Drahtmuller contacted savoixmagazine.com's hosting company in the U.S., the situation slipped into the ridiculous as the hosting company tried to reply in Drahtmuller's native German language. "Even though we contacted them in English, they ran their response through Babelfish (translation software) so we couldn't understand what they were saying," he told ZDNet U.K. "In the end we blocked their servers from our mail exchanges. We did what we could but the problem still existed."
News at elven: configuring mail servers properly.
This is worst slashdot post I've seen in awhile, this isn't important. This is a lesson in stupidity.
Too bad TCP/IP programming is easier with Unix systems so it would be -easy- for anyone with a computer science degree to write their own server and configure it to cut out the headers. Thanks to open source anyone could even download the source code to the server and merely modify the part that makes the headers.
- E-mail from the Singapore magazine
- Replies from well-intentioned SuSE list readers complaining about it
#1 is easy, just firewall the magazine. #2 is the SuSE list users' fault. You get a bunch of spam, so you spam the list about it? I guess SuSE had no choice then but to shut down the list, but I hope they send out an e-mail before they do advising people on where they should send their complaints next time this happens.Clearly it was spam (the UBE sort).. This magazine needs a little netiquette lesson, and a slap on the wrist.
Yes, it certainly is slimy.. It's bad that someone would subscribe an address to a mailing list (and then autoforward mail from the address), and it is also bad that list servers don't provide some protection against this [ie: automatically blocking mail they're bombed with]
I remember back in the day we did this to a certain guy we knew, we set up these "free email forwarding" accounts and had 5 accounts. Each of them was set up so that when it received an email, it would forward to the other four and our mark. It took oh, about an hour for his email box to receive 16,000 emails saying "your hard drive is now full" (he ran his own mail server at the time.) Those were the days.....
El Karma: excelente(principalmente la suma de moderación hecha a los comentarios de los usuarios)
Attack the hosting company, and the saviour site. Eat up as much bandwith and they wasted! They are
1: too stupid to correctly configure there system(punish them.), in which case even a simple attack would confound them for hours if not days.
2: diabolical fuxors who did it intentionally(kill).
Either way....
Before my bank's introduced their online banking, you could submit your email address on their site if you wanted to be notified of their beta test. Well, one late Friday afternoon I got an email notifying myself and all the others of the beta test progress. Unfortunately the person sending out the email put as many people as they could fit into the To: address. People started reply-ing to all, saying things like "Please unsubscribe" and complaining about getting so many emails, etc.. Of course because this was sent out on a friday, so this went on all weekend. Hundreds of replies went out by monday, when they asked nicely for everyone to stop hitting reply-all.
Epilogue: I wrote the VP of the company and expressed my concern that if they weren't competent enough to use email, how was I going to trust them with my money online. The VP sent me an apology and a $50 traveler check gift!
_______
2B1ASK1
"The Haley Enterprise" (http://www.haley.com) did the exact same thing several years ago when they spontaneously created an "ADVantage, Intelligence" (heh) newsletter and automatically subscribed everyone who'd ever contacted them for information on their products-- naturally, attempts to unsubscribe went straight to the main list, with the headers munged, so that within minutes thousands of people were emailing each other trying to figure out why they were getting this crap from complete strangers. I think it took Haley about three days to figure out how to shut it down. Yeah, I trust these guys to write software for MY business...
A similar misconfiguration resulted in a mailing loop a couple years ago with asynchrony-projects.com: somehow members-bounce@ was rewritten to members@; the net result was that a single incorrect subscribed email address caused a about a hundred emails to be sent out to 1000+ subscribers to the mailing list.
These problems are easy to fix, but people make mistakes... personally I'm surprised the number of mistakes has been so limited thus far.
Tarsnap: Online backups for the truly paranoid
I am actually surprised by the number of times people send out email not knowing who will receive it or the number of people in their CC list. Most email clients don't let the end user see how much damage they have done. The goal of a developer is to give the users the power to get their job done, but so often you find people are clueless on what the power is or how to use it.
Personally, I would like to see email merge with databases. With a good relational DB, it is easy to show users what's gone through the pipe and how many emails your company has sent to a client, etc.. You can integrate the email into your CRM, etc. You can also place constraints on the system that can prevent this type of mailing list abuse that generates so much unwanted garbage.
Working with pure email clients (sendmail, exchange, whatever) seems to be like trying to fit a round cat through a square hole.
Its obvious that the women readers of the said magazine have the hots for German Linux developers and they tried to show their interest in them. True it wasn't in the best possible way but they did give a signal which the Suse guys completely misinterpreted. Sad.
At the intersection of computation and biology.
Why didn't these mailing lists just restrict who can post onto their lists to those actually on the list?
--
http://www.aikiweb.com - AikiWeb Aikido Information
The funny thing was that I'm not on any Suse email list or on savoixmagazine.
Perhaps it happenned again but missed me. I've been out of the loop a lot recently.
Before my bank's introduced their...
Before your bank's what introduced their... ???
There seems to be some insidious 'oh, it's those clueless Asians' thread running through so many Slashdot posts recently that I think it's time the balance was addressed.
That thread is based on the emperical experience of thousands of mail admins throughout the world (not just the US, as your slashdot bash inaccurately implies). If those whose ISPs (and in some cases, countries) are being blocked wish to demonstrate otherwise, all they have to do is administer their mail servers competently and close down their open relays.
Until then, their inaction will speak louder than your words, be they from Singapore, Korea, or wherever. As one who has travelled to those places I am reluctant to block entire countries, but my boss doesn't want his mailbox filled with SPAM and if blocking half of Asia is how I appease him, then half of Asia will be blocked, period. My personal fondness of Asia (and, for that matter, Africa, and Europe, and other places I have had the privelege of visiting in the last several years) will play absolutely no role in this decision, and no role in my opinion of the (in)competence of ISP mail adminsitrators in those locations. The only metric of any concern is how many open relays there are, and how those responsible act (or, in the case of many notorious Asian providors, particularly in Korea, don't act) when the issue is brought to their attention.
As for the differences in phone systems, you are comparing apples and oranges, and assuming one causation (lack of technical knowhow) when a completely different causation (lack of well defined, enforcable government standards resulting from a lassaiz-faire market mentality in the last several administrations) is responsible, then trying to apply the erroneous conclusion derived from your erroneous assumption back to another issue that is, in any case, completely unrelated.
Internet booths are another example of the logical fallacy you have fallen into in making this argument. In a country in which more than half the homes have their own PCs, and just about every public library is already on the net (along with many schools), internet booths would be a profound waste of money. In other words, you have brought up another completely unrelated topic and misapplied it to your original argument, namely what approaches empower the most people to use the internet under what conditions, with those conditions in Singapore quite different from the United States, which in turn is very different from the UK or the rest of Europe. Clearly that has absolutely nothing whatsoever to do with the competency level of mail administrators in Asia, Africa, America, Antarctica, Mars, Pluto, the NGC-1 Nebula, or anywhere else for that matter.
The Future of Human Evolution: Autonomy
I could see it now, two mailers dueling it out, sending automated responses back and forth.
Subject: RE: RE: RE: Confirmation of your mail
We've recieved your comment and will get back to you.
>comment recieved
>>We've recieved your comment and will get back to you.
>>comment recieved
>>>We've recieved your comment and will get back to you.
>>>>comment recieved
>>>>>We've recieved your comment and will get back to you.
Even though we contacted them in English, they ran their response through Babelfish (translation software) so we couldn't understand what they were saying
You've got to laugh. Rebecca Ore once told of her colleague trying to deal with some francophone Canadian sysadmins. "He just babelfished them until they gave up and started using English."
I once inherited a smallish network (70 nodes) that was using an NT box as a web gateway and mail server. It was running something called Xtramail, which is a truly bloody horrible piece of software. While I was trying to figure out how to gracefully get rid of this box (a 486 on ISDN), one of the users wanted to create a mailing list.
Ok, no problem. Read the docs, slurp this list, check these buttons, viola. One of the cute little checkboxes was "Only allow owner to send list mail." Duh - I checked it. The guy sent his email (only about 200 list members) and we went home.
I came in the next morning to 20,000 emails just in the queue. That fucker sent our tens of thousands of emails overnight, because the send restrict wasn't working. There were a couple dead addresses on the list, and they of course bounced - and Xtramail politely returned those bounces to the entire list. Wash, rinse, repeat. If that place had had a real server and a real 'net connection, it could have sent millions of emails in that time. As it was, many people on the list were (quite justifiably) pissed.
So I called up whoever owned Xtramail at that time (Artisoft at that time, but a different company now - can you say, "hot potato?") and had a slightly polite shit fit. The guy flat-out refused to acknowledge it was a problem, until I made him go through the same steps on his local copy.
Crickets.
"Uh, looks like that option isn't working. I'll have to file a bug report." Then I spent another 45 minutes trying to get accounting to refund the $200 I'd given them for the support call.
They never did fix the bug, but I gave up my plans to have a graceful transition. I pulled that POS out the same day and installed another little NT mailer, quite a nice one, until I replaced the whole thing with a qmail FreeBSD box.
No moral to the story, really ('cept I should have been more paranoid, and tested the list more). But I bet more than a few readers have had that quick "oh shit" feeling as they saw the queue filling up.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
I bet some choice congressmen would find this kind of thing 'Innovative'...
I know, it's bad...
Hire me...
about a year ago, the Internet in my state near collapsed. It was all the problem of a very large mailing list managed by one of the major telecom companies of our state, aimed to thousands of lawyers. This mailing list was supposed to be "one way only", that is, the company would send the lawyers daily news about law, but one smart lawyer replied with an unsubscribe message, and all of them got it. They all started complaining, and you know lawyers, they cannot be objective, but wants to show the others how they can write "beautifully". The next step was the threats of suing the others, and this threats, of course, were also "replied to all". In a few hours the traffic was so high that all users (since there were lawyers in most ISPs), could not use the internet. After the mail server was shut down, and the policy of the mailing list changed so that only the moderator could post, the problem started to disappear.
Clueless lawyers.
Just read the article, reminds me of when sometimes you apply to participate in a beta testing of something, and 2 weeks later you're putted on a mailing list with no warning other than the message, and there's always some newbies (and total idiots) that put their email addresses everywhere and wonder why "out loud" after.
:)
You start receiving message from people that are asking "WTF" and then people replying to get out of the list and the gazillion "me too" posts and then the bitching following because they aren't putted out and receiving another million of people bitching at the last million emails...then a moderator jumps in, exmplain the situation, then you get another bunch of emails because people didn't read it, and it goes on until the moderator +M the list.
What's the mistake?
1. not taking the people for complete idiots
Not meant in a insulting way, but rather that taking for granted that people will understand X and Y and Z, it's not because they signed up for a beta, or whatever, that they are mature people or good with internet/communicating/netiquette. So if you take for granted that you will operate a bunch of monkeys for a start, you won't get this problem, and the more you see how the list is, the more slack you can cut off.
Basically it's like a server, if you open all access to everything, and cut after, it's hell with the users. If you start strick and cut some slack, it's always better (best example being the quota, people flood your drives, and blam!. the other way around is people manage their space, and welcome the added storage). This is a stretched example but the concept can apply to a mailing list when all the posts needs to be moderated (pain in the ass and you don't get instant feedback) versus when they go freely in the list, to people that KNOW they will receive the email and will react correctly.
2. The lack of experience at managing mailing list.
Just go to egroups and looks at all the flame/crap going around in some mailing lists... sometimes it goes out of control and gets ugly, a good moderator knows when to jump in and how to so nobody gets offended and people drop it willingly instead of being forced to.
3. Lack of technical expertise and lack of communication
Something lame, but if you setup a mailing list for your customers for example, and you don't know what the "digest versus individual email" mode does, and you don't even bother to check, (well this is a lame example again but you get the idea) well if you have an average 20 emails a day for lets say, update on a product or different security patches for different modules and some will concern everyone some won't but you send them anyways, maybe you should be sure of every switch you'll turn on on the mailing list software, and be sure to ask the customers over the phone if they'd like an email for every fixes or a batch in 1 email every day for example (or better, give them the option and explain it clearly).
And also, never forget that you are dealing with human being, this might sound stupid, but everyone here that ever ran a BBS, or a mailing list, knows what this means and the implications (flame, mistakes, etc).
Sometimes Mailing list are a good thing, most time, people tend to forget that FORUMS can do as much and even better (search, no need to give out email addresses, etc). A counter-example would be to issue security alerts, for this, email rules. You have to weight the for and against for the project you are working on, and if you are to be moderator, be sure you know exactly what you are dealing with, both the software and the target people, and setup with these previous raw guidelines in mind, and unless you make a big mistake, it should go fine.
My $0.02
--- Metamoderating abusive downgraders since my 300th post.
Go with In Style. Hotter chicks.
Because - negative as it may sound - humans and spanners are fuckwits.
I say we take off and nuke it from orbit. It's the only way to be sure...
> I bet you're a Democrat since the idea of being required to do some work is offensive to you.
It's not about the work - it's about the poor customer service that is plaguing universities nationwide. The customers (students) may have been in the wrong, but that doesn't mean you should ridicule them. You need to decide if their actions warrant losing their business. The universities know they can treat you like shit and people will keep giving them money because there is no alternative (since they are all the same). Then again, perhaps being continuously fucked in the ass is real world preparation after all...
(speaking as a person who is sick of being treated like a piece of dog shit by the university he shelled out some significant coin to)
Vacation by any other name ...
I manage such lists with majordomo, and the program works fairly well.
Yahoo Groups does this (which used to be OneList, which used to be...) as a service, as does several other portals. In addition, software packages often keep mailing lists for the users of said software, as a way of tracking bugs, asking newbie questions, etc.
In the case we are discussing, the security email list for the SuSE linux distribution was one of the ones hit by the email storm, due to a misconfiguration by the Singapore women's magazine list.
Need a Linux consultant in New Orleans?
Even sharks are not that bad. They do sometimes bite each other in a feeding frenzy, but this is much less often than lawyers threatening to sue each other. I love this story. I'm going to send it to all the lawyer mailing lists I know of.
now we need to go OSS in diesel cars
To get your sendmail patches, dial in to your friendly neighborhood BBS!
rewrite
</IfModule>
This is a cool idea, but, if you do this, doesn't it make your machine the source of the request to www.microsoft.com?
Just curious.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
If the internet in your state nearly collapsed, what's to keep this from being applied, maliciously, on a wider scale across a nation or the world?
Idea #1: Several e-mail worms exploited sending mail to all addresses in users' address books. The impact was rather dramatic. What if the e-mails were ALSO sent to mailing lists instead of just individual e-mail accounts?
Idea #2:Could a malicious user subscribe to a number of mailing lists, using different e-mail accounts, and then auto-forward all the accounts to each other? Maybe with a few auto-responders in the bunch? (Not sure of the specifics, here, but the idea is to get an e-mail that comes in, to automatically go back out to at least one, if not several, other accounts and/or mailing lists.)
Up until the time that the accounts are cross-forwarded, everything looks normal. Could even sign up these accounts with known spammers to get a good-sized stream of e-mail flowing.
At some point, just cross-forward / auto-respond / etc. the accounts and wait for the first e-mail to a mailing list to get the ball rolling. If enough lists are signed up, and accounts cross-forwarded... well, by the time it's figured out, there'd be so many people replying to the messages that the impact could be pretty massive.
Idea #3:Opt-in many large mailing lists to many known spammers.
These seem like obvious ideas to me, so I'm wondering if I'm missing something obvious? What's to kep these from happening?
so this user goes on vacation and creates a little agent to send a copy of all incoming mail to his private mail account.
Nothing wrong with that.
Until she fails to religiously pick up her private mail every day and her mail box fills up.
So her providers mail server sends the forwarded mail back to her business address.
Where the agent runs and forwards it to her personal address.
When I got into work on Monday, it was quite a pain to get this mess out of the system, a total of over 80.000 mails had to be killed on 3 servers.
Big fun.
... a beowulf cluster of those loops... :-)
Over the last few days, I got a torrent of messages into my inbox. Though they didn't seem to come from suse or savoix; they came from someplace called lusopeople.com. I wonder if this has anything to do with them or not? The majority of them are all just foreign garbled messages.
At any rate, the torrent seems to have abated; perhaps it's over now.
Editor Emeritus and Senior Writer, TeleRead.org
I've fixed this by setting all my lists "reply to sender" instead of "reply to list". Most list managers I know of have the ability to configure this.
I've gotten yelled at by a few list-protocol nazis out there, well, one in particular, but their reasoning never made sense to me, so I just ignored them. If you make replying to the list a deliberate act by an actual human being, then there' no infinite ping-pong, as far as I've ever been able to see.
---------- Financial Crypto is the Only Crypto That Matters
A (former?) bug in the congress mail server caused 50 replies per email if you cc (or maybe bcc'd) mail to the senators (not sure about congressmen).
I know of a forged email 'from' the wite house that exploited this.
'-)
I do remember the clipper chip.
Of the handful of retail locations open today, the one I had a chance to get to before they closed didn't have any replacements (Hmmm. I wonder why they ran out? Could it be they had a few other people bring theirs in, too?) - at least that were working. Since tech support (including the guy who told me to go to that store) works upstairs from that particular retail location, I pointed out this fact and asked if there were any spares up there.
After much discussion via AIM between Customer Service and Technical Support, a friendly soul emerged from upstairs with 'their test modem', which I gladly accepted, knowing that it would therefore be in good order, which is how I found out about this 'update' thing.
Since only half of their retail outlets are even open on Saturday (with abbreviated hours) and none on Sunday, it seems to me like Friday night is exactly the worst time to send out an 'update' with the potential of breaking something.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
Downsizing can make anyone look retarded. When there are not enough people to do the work, the work does not get done.
Downsizing is only half the problem anyway. There are whole industries where the average age of engineers and craftsmen is around 50. Those companies have not hired waves of new people for 20 years or so, and fired many of those that were lucky enough to get on. Think that 60 year old overworked survivor really cares about training sucessors? Nope, they are looking for a package and will give the job to you the way they got it, learn as you burn. Many great mistakes will be repeated. I believe that this really boils down to a single factor. Does the person in question really give a shit about the consequences of his or her actions?
You are entitled to your opinion. Most normal people quit jobs where things are starting to fail. The lucky ones find good alternatives. The loyal ones get stuck with a job that much more difficult. How many years of your life are you willing to give up to hopeless causes? Everyone knows the general rules. Some are lucky enough to put the big changes off as good practice, sometimes the law, demands.
I feel awful for people who do real work at the telcos. Change sucks, and they are getting plenty of it. Imagine starting your career there before deregulation. Off you whent to serve the regulated monopoly and the public. You accepted low salaries in exchange for stability and pride of serving one of the best and cheapest telco services in the world. You also put up with the more inane political nonsense and tried to just do your job.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
... and I'll say that I've never heard of that magazine.
.com bubble (although obviously not quite as caught up in it as the US), and (b) "savoixmagazine" doesn't seem entirely what you could call a "big player" in the local market (though who knows in the future, what with the infamy they're accruing from this incident? :-). Correspondingly, perhaps their admin side isn't so clued in as to be able to properly guard against incidents like this occurring.
Just as not *all* Americans are SUV-driving, shotgun-wielding, cowboy-hat-and-flannel-shirt wearing beer drinkers, not all Asian sysadmins touch the DontBlameSendmail config option. We have our share of not-even-halfway-to-halfway-competent fellows trying to set up web servers that subsequently get hijacked, we have our share of management PHBs printing out emails in order to read them, we've got crackers making use of school terminals trying to break into sites with rootkits (check out the Project Honeynet incidents) etc. etc. We've also got capable sysadmins, IETF members(e.g. look at RFC 2822) etc. etc. .
I'll say now that (a) Singapore did not "sit out" the whole
Some people are thinking of/already blocking off "all Asian mail". Well, I think if you step back and look at it, it's just another part of the fallout from the whole dotcom bubble. For the past few years, just as much as in the US (perhaps more?), you've got endless news reports, profiles, etc. etc. of all the "dotcom billions" being made and waiting to be made... people who make less in a year than an average American makes in a month aren't going to be able to resist. They may not have the chutzpah to imagine they'll become the next Bill Gates, but hey, you don't really need ALL of 50 billion do you? I'm continually stunned by the willingness of people who really don't know anything trying to set up technology businesses. Is it any wonder if you've got penetrated/crap servers everywhere?
Anyways this looks to me like an "error" as opposed to an open-relay-allowing-for-spam issue; plenty of people make mistakes although in this case the "price" in terms of wasted bandwith/time/etc. is high. It won't be the last time, either.
There is a certain secure email company asking the lawyers of BC to re-register for service this year as the free evaluation/pilot period was expiring.
You guessed it. They sent this to hundreds of personal "Only-use-this-only-for-important-matters" addresses. All in the To: line.
I don't think anyone is going to sign up.
If you don't want to repeat the past, stop living in it.
Not much pisses me off more than people that put their entire list of "SPAM" (good or bad) email recipients in the CC or TO field instead of putting them in the BCC field.
Recently, my cousin was one of these abusers, and, being family, was totally fair game for some retribution. He was about 6 weeks away from leaving his job to go back to school, so he emailed his hotmail account a message, and CC'd that message to EVERYONE in his contact list at work, all so it was easier for him to import their addresses into Hotmail. There were over 350 people in this list. If this wasn't bad enough, he mis-spelled his hotmail address on the first message he sent out so he sent a SECOND message.
Well, that was the final straw.
Now, little known to Steve, me, being somewhat of a techie, had acquired his SteveLastname.com domain name as an upcoming birthday present. I proceded to send out an email to EVERYONE on his CC list, pointing out the totally innapropriate way in which Steve had used his email, and made a general call for embarrassing pics, stories, etc., that we could use to shame him.
Well, within 2 minutes, his dad sent in a Christmas pic of Steve when he was 7, his brother sent in his 1st date pic, and friends from work sent in pics and stories from the bar, etc. Each time something new came in, it was put up on his site and the email list was notified. It's interesting to note that the opt-out was included in the first response, and at the end of the day, only 2 guys had done so.
Now, let me fill you in a little bit on the scope of this little prank. You see, Steve was working at the largest investment bank in Canada, and probably 80% of the people on the list were his fellow workers. Well, word spread. Within an hour of the first notification, the site had been hit almost 1,000 times. At the end of a fun, 4 day run, the site had been hit almost 60,000 times (page views). To top it off, the top execs at the company (CEO, CTO, CIO, etc.) all made a field trip at the end of one of their exec meetings to come down and say good-bye to Steve in person. Now, Steve was a little terrified over this attention from the execs, but it was nicely relieved when they proceded to hand him a letter of reccommendation signed by all of them and they all had a good laugh about it.
All in all, it was pretty fun, and Steve was a good sport, but at the end of the day, email abusers still piss me off!
$0.02 (CDN)
Sheep shaggers drink speights, it only tastes good if you've been riding down a dusty rural road for an hour to drink it.
Really desperate farmers drink tasman draft, it's almost bad enough to be adopted by australia as a true blue beer.
I wouldn't have a clue what american beer is like, I once tried Budweiser beer and I had to piss in it to make it stronger.
What americans call beer, we call watered down urine. If you want NZ beer you can handle, try Mako, Lion ICE or Flame.
The best NZ beers are Steinlager, Tui and Flame. The only good things from the South Island are the mineral water, electricity and the raincoats.
I live in the centre of New Zealand, wellington. We can see the south island from the hills and southern beaches of the suburbs.
Wellington by far is the best place in New Zealand, we have the people, the culture, the government and no traffic jams.
We don't care what drink you try, unlike those snobs in Auckland.
- Kaos games and encryption systems developer
Ah, another Hogfather fan... (-:
If you then practiced, er, discipline with them, could they then be mail order pigs without being Catholic? The Catholics seem to have a monopoly on male-order pigs...
Got time? Spend some of it coding or testing
One of the programmers here was taking a few days off work. He had a few bits and bobs on his work machine that he wanted to transfer to his home PC. Instead of searching around for floppy disks, he bundled the stuff up in a zip file and emailed it to his home account as an attachment that was a few megabytes in size. In case anything important came up while he was away, he set up his work email program to automatically forward mail to his home account. Maybe you've already guessed what happened. Moments after he left, the zip file he sent made its way to his home account, where it was bounced by his isp because his mailbox was already too full. The mail was returned to his work email inbox, attachments and all, and the auto-forward promptly kicked it straight back out. This cycle continued for some time until our network admin guy had to come in and investigate why the mail server was having a fit. He removed several gigabytes of duplicated mail while breaking the cycle. All too easy a problem, it seems.
I'm surprised that this didn't happen to anyone else...
I was on a mailing list where this happened, and it ended up not being so bad, until a few bad apples came along...
I found it personally funny, but I knew there were a lot of people that were surprised and shocked to find various emails that started like this...
"Thank you for joining our opt-in marketing scheme!"...."Thank you for joining the free sexy school girl pictures mailing list"... etc etc....
Since the confirmation obviously was sent to everyone, some people got the bright idea to subscribe and confirm the subscribtion, and the spam really started flowing then!
Needless to say, many were very angry, and I don't think they ever figured out who did it. Just my story.
One company I know routinely holds all emails with attachments for two or three hours to see if the company is getting spammed with the same attachment sent to dozens/hundreds of people...
Excellent example of the insidious nature I mentioned. This topic isn't even about open relays - it's about a mailing loop.
The two are related, as any rudimentary understanding of how mail systems work will make clear. Without the open relays the SPAM could not be sent to the mailing lists with their header information forged and hiding the sender's online identity. The offending messages resulting in these mail loops are originating from open relays, most of which are in Asia.
But be that as it may, you miss the point entirely (perhaps willfully?).
It's ridiculous.
No, its the only option the Asian providors are leaving us. Making a "newbie" mistake, as you misleadingly put it, is one thing. Willfully refusing to fix the problem when it is brought to your attention is something else again. Those "western" sites you refer to either fix their open relays (the most common response) or get blocked themselves.
What is more, for the last half decade almost all mail servers come with open relaying shut off by default, which means these "clueless newbies" almost certainly had to turn open relaying on, deliberately.
It is not unreasonable to infer from two deliberate actions, namely turning on open relaying in the first place, then refusing to fix the problem when it is abused and people complain, that the administrators of these sites are either appallingly incompetent or obscenely complacent. In either event we can be certain of one thing: if we want to stop receiving SPAM from these sites, we have to filter them. Period.
The Future of Human Evolution: Autonomy