We're still seeing cases where a malicious actor, typically in Eastern Europe, will try and sign up a target email address for thousands of lists all at once, flooding their mailbox with confirmation traffic , perhaps to hide some other nefarious issues.
If we could standardize the confirmation messages, at some point, it might be possible to install some sort of circuit-breaker for this kind of abuse, but until then ... we're tending to relegate all confirmations to Junk (not Spam) status, simply out of preservation of the customer's INBOX usefulness. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan Sent: Tuesday, May 24, 2016 12:07 PM To: mailop@mailop.org Subject: Re: [mailop] signup form abuse On 5/24/16 10:17 AM, Vick Khera wrote: > As an ESP, we host mailing list signup forms for many customers. Of > late, it appears they have been getting pounded on with fraudulent > signups for real addresses. Sometimes the people confirm by clicking > the confirmation link in the message and we are left scratching our > heads as to why they would do that. Mostly they get ignored and > sometimes they come back as spam complaints. > > One opinion I got regarding this was that people were using bots to > sign up to newsletter lists other bot-driven email addresses at gmail, > yahoo, etc., to make those mailboxes look more real before they became > "weaponized" for use in sending junk. That does not seem to be > entirely what is happening here... The appearance of the confirmation email makes a big difference. If it looks like an advertisement with lots of graphics, hidden tracking bugs, etc. it's likely to be viewed as abuse and used by bad guys to harass innocents. I'm very pleasantly (and rarely) surprised with list confirmations that look like this: * A single small logo for branding or no graphics at all * No advertising * A statement like "On [date] at [time] [timezone] you or someone claiming to be you requested to subscribe to [list] from IP address [IP]. To confirm your request, click [link]. If you didn't make this request, do nothing and you will not hear from us again. To report abuse, [do whatever]. Of course that's assuming that the ESP bothers to confirm subscriptions at all. One extremely annoying new trend is websites that grey out after a few seconds and present a popup demanding an email address. This irritation is likely to result in the masses supplying an email address, any email address, just to stop the annoyance. I've resisted the temptation to complete them all with "abuse@<domain of website>". So far, I'm using "nob...@example.com". -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.impulse.net%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7c2c9259b781d94431ff5f08d384077b48%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=XqQx5DefhhEvuhrne%2f%2bwyze%2fZIC1qFuQ30xW1nlBCv4%3d Your local telephone and internet company - 805 884-6323 - WB6RDV _______________________________________________ mailop mailing list mailop@mailop.org https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c2c9259b781d94431ff5f08d384077b48%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=DZ0W0hpqF8Pi8yHeS8HhODOAH0wdt%2bzXkgsH6iQ5bG4%3d _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
