I suspect it's the hiding angle, but it's hard to tell.
It does seem to be someone offering a "Service" out of Eastern Europe.
If the lists were unconfirmed, we'd block them; so the attack needs to use 
confirmed lists, and just bombard the target with what is, at least in theory, 
unblockable traffic.

I know it gave me serious pause when I first saw it, and I didn't have a solid 
answer for it, except to junk the confirmation emails.
If someone has a better idea how to keep mailing list software like Mailman from 
being co-opted into such an attack, I would LOVE to hear it.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan
Sent: Tuesday, May 24, 2016 2:17 PM
To: mailop@mailop.org
Subject: Re: [mailop] signup form abuse

On 5/24/16 12:26 PM, Michael Wise wrote:
>
> We're still seeing cases where a malicious actor, typically in Eastern 
> Europe, will try and sign up a target email address for thousands of lists 
> all at once, flooding their mailbox with confirmation traffic, perhaps to 
> hide some other nefarious issues.

I wonder what the point is. How does the bad guy monetize it, or is it a 
coordinated attack against a specific victim? What other nefarious issues? 
Making the address useless or burying some other mail in the midst of the junk 
would seem to be a possibility.

If an attack against a specific victim, it would seem that unconfirmed 
marketing lists would be a more effective weapon than a bunch of random 
confirmation messages.

It kind of sounds like back in the college frat days of pranking someone by 
signing them up to Columbia Record Club and tons of bill-me-later magazine 
subscriptions, but that was usually aimed at a specific individual and watching 
the fallout was the fun part.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
