Looping E-mails Beat The Net Down
Staili writes "Singapore-based women's magazine caused problems when it forwarded its mails to a large list of recipients, mainly mailing lists. In addition to security@suse.com, some help and subscribe lists were included; the type of addresses that tend to send out an automatic reply confirming receipt. And the loop was ready." I'm sure anyone who's messed with mail enough has accidentally created a loop or two in their day, but this is really slimy.
Back when I was a freshman in college someone managed to assemble an email list of all the students/faculty/staff. It was first used by someone outside the school to spam the entire campus, with all the addresses in the To and Cc fields, making the list available to anyone who received it. So someone attempted to sell their Chem Eng books, and you can picture the hell that broke out.
Quickly the list became nothing but people hitting reply-all and saying "knock it off!" and "get me off the list!" Of course, all those emails and addresses in the emails meant trouble for the mail server, causing mail to get delivered multiple times and DOS'ing normal mail.
It got so bad that I had about 100 emails in a five minute span at one point. It took a Dean's sending out an email to an announcements list pointing out school policy on mass mailings to stop it.
Thankfully, everyone from those trying to sell stuff to those saying "quit it!" all had to write a 500-word essay about why what they did was wrong.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Right, well I've been to Singapore and I have to tell you that its IT and communications are in a very good state. In fact, I'm rather hoping someone actually from Singapore will chip in here
Singapore was the first place I saw ADSL in. It has a row of internet 'phone' booths on its most popular shopping street (Orchard Road). In my hotel, 24 internet access was available for a ridiculously low fee (12 SGD I think). It was cheaper for me to phone the UK from my hotel than it was for a person in the UK to phone me. Cheaper from a hotel phone.
There seems to be some insidious 'oh, it's those clueless Asians' thread running through so many Slashdot posts recently that I think it's time the balance was addressed. The US's mobile phone system, for example, is an utter shambles compared to the Asian systems. I was reading on a UK's paper site that BT was planning to roll out the world's first internet booths - I was reading it from an internet booth in Singapore.
I can assure everyone that the people I worked with in Singapore were quite bright enough to run systems properly, and every bit as interested as their Western equivalents in doing so.
Cheers,
Ian
Before my bank introduced their online banking, you could submit your email address on their site if you wanted to be notified of their beta test. Well, one late Friday afternoon I got an email notifying myself and all the others of the beta test progress. Unfortunately the person sending out the email put as many people as they could fit into the To: address. People started replying to all, saying things like "Please unsubscribe" and complaining about getting so many emails, etc. Of course because this was sent out on a Friday, this went on all weekend. Hundreds of replies went out by Monday, when they asked nicely for everyone to stop hitting reply-all.
Epilogue: I wrote the VP of the company and expressed my concern that if they weren't competent enough to use email, how was I going to trust them with my money online. The VP sent me an apology and a $50 traveler check gift!
_______
2B1ASK1
It's obvious that the women readers of the said magazine have the hots for German Linux developers and they tried to show their interest in them. True it wasn't in the best possible way but they did give a signal which the Suse guys completely misinterpreted. Sad.
At the intersection of computation and biology.
Somehow, few people seem to be able to get the autoresponder/autoforwarder thing right, despite the fact that it doesn't seem that hard and has been done correctly before. (Then again, there seems to be a dearth of good systems programmers around these days; I'm becoming increasingly cynical about such things.) Every day, I get auto-replies to MAILER-DAEMON's bounce messages, and every once in a while, some b0rken forwarder creates a mail loop. Unfortunately, when I try to tell the people responsible why what they are doing is a bad idea, they're usually not interested in hearing about the danger of mail loops.
Here are some things I've come up with over the years:
1) Never, ever auto-reply to MAILER-DAEMON or Postmaster (procmail has good regex macros for this -- use them or copy them).
2) Preserve the headers of messages you forward.
3) Set an X-Loop header and check for it (or *any* X-Loop header if you want to be paranoid).
4) Don't autoreply to the same address twice during [definable time period].
Those things just seem like common sense to me. Maybe someone else here knows more about the subject than I do. There has to be a HOWTO somewhere.
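The rules listed in the comment above, sketched as an added Python example (not code from the post or from procmail). `LOOP_TAG`, the one-week interval, the daemon pattern and the sample messages are assumptions; the `Auto-Submitted` check goes beyond the post's list, and rule 2 (forwarders) is not shown.

```python
import email
import re
import time
from email.message import EmailMessage
from email.utils import parseaddr

LOOP_TAG = "vacation@example.org"   # assumed: value we stamp in our own X-Loop
REPLY_INTERVAL = 7 * 24 * 3600      # assumed "definable time period": one week
# Rule 1: local parts that belong to mail systems rather than people (assumed list).
DAEMON_RE = re.compile(r"^(mailer-daemon|postmaster|.*-(request|bounces?|owner))$", re.I)

class AutoResponder:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.last_reply = {}        # sender -> time of our last auto-reply

    def decide(self, raw):
        """Return (should_reply, reason) for one raw incoming message."""
        msg = email.message_from_string(raw)
        sender = parseaddr(msg.get("Return-Path") or msg.get("From", ""))[1].lower()
        if not sender:                                  # "<>" marks a bounce
            return False, "null sender"
        if DAEMON_RE.match(sender.split("@")[0]):       # rule 1
            return False, "daemon address"
        if msg.get_all("X-Loop"):                       # rule 3, paranoid form
            return False, "x-loop present"
        # Beyond the post's list: the standard marker of automatic mail.
        if msg.get("Auto-Submitted", "no").strip().lower() != "no":
            return False, "auto-submitted"
        now = self.clock()                              # rule 4
        if now - self.last_reply.get(sender, float("-inf")) < REPLY_INTERVAL:
            return False, "rate limited"
        self.last_reply[sender] = now
        return True, "ok"

    def build_reply(self, raw, body="I am away and will answer later."):
        # Stamp the reply so that other automatons can recognise and drop it.
        msg = email.message_from_string(raw)
        reply = EmailMessage()
        reply["To"] = parseaddr(msg.get("Return-Path") or msg["From"])[1]
        reply["From"] = LOOP_TAG
        reply["Subject"] = "Auto: " + msg.get("Subject", "")
        reply["X-Loop"] = LOOP_TAG
        reply["Auto-Submitted"] = "auto-replied"
        reply.set_content(body)
        return reply

# Constructed sample messages (not taken from the incident).
HUMAN = "From: Alice <alice@example.com>\nSubject: hi\n\nhello\n"
BOUNCE = "Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\nSubject: failure\n\n"
LIST_HELP = "From: help-request@lists.example.net\nSubject: Re: hi\n\nconfirmed\n"
```

Feeding a reply built by `build_reply` back into `decide` is refused on the `X-Loop` header, which is what stops two such responders from answering each other indefinitely.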
There seems to be some insidious 'oh, it's those clueless Asians' thread running through so many Slashdot posts recently that I think it's time the balance was addressed.
That thread is based on the empirical experience of thousands of mail admins throughout the world (not just the US, as your slashdot bash inaccurately implies). If those whose ISPs (and in some cases, countries) are being blocked wish to demonstrate otherwise, all they have to do is administer their mail servers competently and close down their open relays.
Until then, their inaction will speak louder than your words, be they from Singapore, Korea, or wherever. As one who has travelled to those places I am reluctant to block entire countries, but my boss doesn't want his mailbox filled with SPAM and if blocking half of Asia is how I appease him, then half of Asia will be blocked, period. My personal fondness of Asia (and, for that matter, Africa, and Europe, and other places I have had the privilege of visiting in the last several years) will play absolutely no role in this decision, and no role in my opinion of the (in)competence of ISP mail administrators in those locations. The only metric of any concern is how many open relays there are, and how those responsible act (or, in the case of many notorious Asian providers, particularly in Korea, don't act) when the issue is brought to their attention.
As for the differences in phone systems, you are comparing apples and oranges, and assuming one causation (lack of technical knowhow) when a completely different causation (lack of well defined, enforceable government standards resulting from a laissez-faire market mentality in the last several administrations) is responsible, then trying to apply the erroneous conclusion derived from your erroneous assumption back to another issue that is, in any case, completely unrelated.
Internet booths are another example of the logical fallacy you have fallen into in making this argument. In a country in which more than half the homes have their own PCs, and just about every public library is already on the net (along with many schools), internet booths would be a profound waste of money. In other words, you have brought up another completely unrelated topic and misapplied it to your original argument, namely what approaches empower the most people to use the internet under what conditions, with those conditions in Singapore quite different from the United States, which in turn is very different from the UK or the rest of Europe. Clearly that has absolutely nothing whatsoever to do with the competency level of mail administrators in Asia, Africa, America, Antarctica, Mars, Pluto, the NGC-1 Nebula, or anywhere else for that matter.
The Future of Human Evolution: Autonomy
I once inherited a smallish network (70 nodes) that was using an NT box as a web gateway and mail server. It was running something called Xtramail, which is a truly bloody horrible piece of software. While I was trying to figure out how to gracefully get rid of this box (a 486 on ISDN), one of the users wanted to create a mailing list.
Ok, no problem. Read the docs, slurp this list, check these buttons, viola. One of the cute little checkboxes was "Only allow owner to send list mail." Duh - I checked it. The guy sent his email (only about 200 list members) and we went home.
I came in the next morning to 20,000 emails just in the queue. That fucker sent out tens of thousands of emails overnight, because the send restrict wasn't working. There were a couple dead addresses on the list, and they of course bounced - and Xtramail politely returned those bounces to the entire list. Wash, rinse, repeat. If that place had had a real server and a real 'net connection, it could have sent millions of emails in that time. As it was, many people on the list were (quite justifiably) pissed.
So I called up whoever owned Xtramail at that time (Artisoft at that time, but a different company now - can you say, "hot potato?") and had a slightly polite shit fit. The guy flat-out refused to acknowledge it was a problem, until I made him go through the same steps on his local copy.
Crickets.
"Uh, looks like that option isn't working. I'll have to file a bug report." Then I spent another 45 minutes trying to get accounting to refund the $200 I'd given them for the support call.
They never did fix the bug, but I gave up my plans to have a graceful transition. I pulled that POS out the same day and installed another little NT mailer, quite a nice one, until I replaced the whole thing with a qmail FreeBSD box.
No moral to the story, really ('cept I should have been more paranoid, and tested the list more). But I bet more than a few readers have had that quick "oh shit" feeling as they saw the queue filling up.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
Just read the article, reminds me of when sometimes you apply to participate in a beta testing of something, and 2 weeks later you're put on a mailing list with no warning other than the message, and there's always some newbies (and total idiots) that put their email addresses everywhere and wonder why "out loud" after.
:)
You start receiving messages from people that are asking "WTF" and then people replying to get out of the list and the gazillion "me too" posts and then the bitching following because they aren't put out and receiving another million of people bitching at the last million emails...then a moderator jumps in, explains the situation, then you get another bunch of emails because people didn't read it, and it goes on until the moderator +M the list.
What's the mistake?
1. not taking the people for complete idiots
Not meant in an insulting way, but rather that taking for granted that people will understand X and Y and Z, it's not because they signed up for a beta, or whatever, that they are mature people or good with internet/communicating/netiquette. So if you take for granted that you will operate a bunch of monkeys for a start, you won't get this problem, and the more you see how the list is, the more slack you can cut off.
Basically it's like a server, if you open all access to everything, and cut after, it's hell with the users. If you start strict and cut some slack, it's always better (best example being the quota, people flood your drives, and blam!. the other way around is people manage their space, and welcome the added storage). This is a stretched example but the concept can apply to a mailing list when all the posts needs to be moderated (pain in the ass and you don't get instant feedback) versus when they go freely in the list, to people that KNOW they will receive the email and will react correctly.
2. The lack of experience at managing mailing list.
Just go to egroups and look at all the flame/crap going around in some mailing lists... sometimes it goes out of control and gets ugly, a good moderator knows when to jump in and how to so nobody gets offended and people drop it willingly instead of being forced to.
3. Lack of technical expertise and lack of communication
Something lame, but if you setup a mailing list for your customers for example, and you don't know what the "digest versus individual email" mode does, and you don't even bother to check, (well this is a lame example again but you get the idea) well if you have an average 20 emails a day for lets say, update on a product or different security patches for different modules and some will concern everyone some won't but you send them anyways, maybe you should be sure of every switch you'll turn on on the mailing list software, and be sure to ask the customers over the phone if they'd like an email for every fixes or a batch in 1 email every day for example (or better, give them the option and explain it clearly).
And also, never forget that you are dealing with human beings, this might sound stupid, but everyone here that ever ran a BBS, or a mailing list, knows what this means and the implications (flame, mistakes, etc).
Sometimes Mailing list are a good thing, most time, people tend to forget that FORUMS can do as much and even better (search, no need to give out email addresses, etc). A counter-example would be to issue security alerts, for this, email rules. You have to weigh the for and against for the project you are working on, and if you are to be moderator, be sure you know exactly what you are dealing with, both the software and the target people, and setup with these previous raw guidelines in mind, and unless you make a big mistake, it should go fine.
My $0.02
--- Metamoderating abusive downgraders since my 300th post.
Not much pisses me off more than people that put their entire list of "SPAM" (good or bad) email recipients in the CC or TO field instead of putting them in the BCC field.
Recently, my cousin was one of these abusers, and, being family, was totally fair game for some retribution. He was about 6 weeks away from leaving his job to go back to school, so he emailed his hotmail account a message, and CC'd that message to EVERYONE in his contact list at work, all so it was easier for him to import their addresses into Hotmail. There were over 350 people in this list. If this wasn't bad enough, he mis-spelled his hotmail address on the first message he sent out so he sent a SECOND message.
Well, that was the final straw.
Now, little known to Steve, me, being somewhat of a techie, had acquired his SteveLastname.com domain name as an upcoming birthday present. I proceeded to send out an email to EVERYONE on his CC list, pointing out the totally inappropriate way in which Steve had used his email, and made a general call for embarrassing pics, stories, etc., that we could use to shame him.
Well, within 2 minutes, his dad sent in a Christmas pic of Steve when he was 7, his brother sent in his 1st date pic, and friends from work sent in pics and stories from the bar, etc. Each time something new came in, it was put up on his site and the email list was notified. It's interesting to note that the opt-out was included in the first response, and at the end of the day, only 2 guys had done so.
Now, let me fill you in a little bit on the scope of this little prank. You see, Steve was working at the largest investment bank in Canada, and probably 80% of the people on the list were his fellow workers. Well, word spread. Within an hour of the first notification, the site had been hit almost 1,000 times. At the end of a fun, 4 day run, the site had been hit almost 60,000 times (page views). To top it off, the top execs at the company (CEO, CTO, CIO, etc.) all made a field trip at the end of one of their exec meetings to come down and say good-bye to Steve in person. Now, Steve was a little terrified over this attention from the execs, but it was nicely relieved when they proceeded to hand him a letter of recommendation signed by all of them and they all had a good laugh about it.
All in all, it was pretty fun, and Steve was a good sport, but at the end of the day, email abusers still piss me off!
$0.02 (CDN)