[13818] in North American Network Operators' Group


Email/mailing list abuse....

daemon@ATHENA.MIT.EDU (Dax Kelson)
Tue Nov 18 01:12:36 1997

Date: Mon, 17 Nov 1997 18:46:16 -0700 (MST)
From: Dax Kelson <dkelson@inconnect.com>
To: nanog@merit.edu
cc: nanog@merit.edu
In-Reply-To: <199711180001.TAA03666@merit.edu>


Now seems an appropriate time to mention this paper by Dan Bernstein, the
author of qmail and ezmlm (EZ mailing list manager).

ftp://koobera.math.uic.edu/www/docs/mailabuse.html


It discusses mailing list abuse (like what we are seeing now), and types
of email abuse.

The topics of the paper include:

False subscription requests
Subscription cookie prediction
Cross-subscriptions
Filter dodging
Autoresponder loops
Unauthorized relaying
Unauthorized bouncing
False unsubscription requests
False bounces
UCE

This section seems most appropriate now:

                 Cross-subscriptions

An attacker can subscribe one mailing list to another. Cookies don't help,
since every subscriber to the target mailing list---including the
attacker's accomplice---receives a copy of the confirmation request.

An attacker can subscribe ten mailing lists to each other. This will
create a tsunami of mail, destroying all the mailing lists. Advanced loop
prevention mechanisms such as Delivered-To don't help, since a message can
pass through ten mailing lists in millions of different ways without
looping.

I propose (1) adding a Mailing-List field to every outgoing confirmation
message, (2) adding a Mailing-List field to every distributed message, and
(3)  refusing to distribute messages that already contain Mailing-List
fields.

This provides a two-pronged defense to cross-subscription. First, it isn't
possible to cross-subscribe lists, since the confirmation message will
bounce from the target list. Second, users aren't hurt even if lists are
somehow cross-subscribed, since a message distributed from one list will
bounce from all the rest. 

Sublists have to behave a bit differently. Every mailing list has to set
the envelope sender on outgoing messages; a sublist checks that it is
receiving a message from its parent list's envelope sender.



Again the paper is by Dan Bernstein.

Dax Kelson
Internet Connect, Inc.
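
The three-part Mailing-List proposal quoted above, sketched as an added example (not code from the paper, from ezmlm, or from the poster). The class, function names, addresses and the "-return" envelope sender convention are hypothetical, and the sublist rule is one reading of the quoted paragraph.

```python
from email.message import EmailMessage

FIELD = "Mailing-List"

class MailingList:
    def __init__(self, address, parent_sender=None):
        self.address = address
        # Constructed convention for this sketch: list-return@domain.
        self.envelope_sender = address.replace("@", "-return@")
        self.parent_sender = parent_sender  # set only on a sublist
        self.subscribers = []

    def confirmation(self, target):
        # (1) every outgoing confirmation request carries the field
        msg = EmailMessage()
        msg["To"], msg["Subject"] = target, "confirm subscription"
        msg[FIELD] = self.address
        return msg

    def distribute(self, msg, envelope_sender):
        """Return (envelope_sender, recipient, msg) copies, or [] if refused."""
        if self.parent_sender is not None:
            # Sublist: accept only what arrives from the parent's envelope sender.
            if envelope_sender != self.parent_sender:
                return []
        elif FIELD in msg:
            return []  # (3) already passed through a list: refuse
        if FIELD not in msg:
            msg[FIELD] = self.address  # (2) tag every distributed message
        return [(self.envelope_sender, r, msg) for r in self.subscribers]

def route(lists, sender, rcpt, msg):
    """Deliver msg, letting lists re-distribute; return final human recipients."""
    queue, humans = [(sender, rcpt, msg)], []
    while queue:
        env, to, m = queue.pop(0)
        if to in lists:
            queue.extend(lists[to].distribute(m, env))
        else:
            humans.append(to)
    return humans

def post(body="hello"):
    # Constructed sample message with no Mailing-List field yet.
    msg = EmailMessage()
    msg["Subject"] = "test"
    msg.set_content(body)
    return msg
```

With two lists subscribed to each other, `route` terminates after one hop because the second list refuses the tagged copy, and a confirmation request sent to a list address is refused the same way.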

