Subject: Camera direct spam exploited a clever loophole (an explanation)
From: Christopher Biggs <chris@xxxxxxxxxxxxxx>
Date: 31 Aug 1999 08:55:19 +1000
In-Reply-To: Joel Wilcox's message of "Mon, 30 Aug 1999 16:15:33 -0500"
It seems that (Microsoft's) listbot.com does take some
steps to prevent third-party signups. It requested confirmation when
I un*subscribed, so I expect it does the same when you (legitimately)
Since the original spam said the owner had "moved the list" it seems
the spammers have exploited a "feature" of listbot.
I'm not defending Microsoft, I loathe the clueless fsckers, in fact.
The spammers probably created their list elsewhere, then took
advantage of an offer from listbot to "move your list to our server".
(So that MSN may insert ads everywhere, of course). This bulk move
operation allows spammers to build a whole list in one go, without
even having to forge email.
Another ill-considered "feature" from MS which turns out to be an
easily-exploited security nightmare. Some marketroid probably said
"wouldn't it be great if...", and nobody stopped to think of the
"Those who do not learn from history are doomed to repeat it."
chris@xxxxxxxxxxxxxx, when he visits the Real World, is Christopher J. Biggs
Impossible Software Engineering, Stallion Technologies, Brisbane Australia.
I dig PGP, MIME and Rush. Send mail with "Subject: sendpgpkey" for my pubkey
------------------ Power grows out of the barrel of a GNU ------------------
< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >