> I wonder what the point is. How does the bad guy monetize it, or is it a > coordinated attack against a specific victim? What other nefarious > issues? Making the address useless or burying some other mail in the > midst of the junk would seem to be a possibility. > > If an attack against a specific victim, it would seem that unconfirmed > marketing lists would be a more effective weapon than a bunch of random > confirmation messages.
We saw this happen a while back: https://blog.fastmail.com/2014/04/10/when-two-factor-authentication-is-not-enough/ About a month ago, our hostmas...@fastmail.fm account suddenly wound up subscribed to hundreds of mailing lists. All these mailing lists failed to use double or confirmed opt-in, so someone was simply able to enter the email address into a form and sign us up, no confirmation required. This really is poor practice, but it's still pretty common out there. A special shout-out goes to government and emergency response agencies in the USA for their non-confirmation signup on mailing lists. Thanks guys. The upshot was that the hostmaster address was receiving significant noise. Rob Mueller (one of our directors) wasted (so we thought) a bunch of his time removing us from those lists one by one, being very careful to check that none of the 'opt-out' links were actually phishing attempts. This turns out to have been time very well spent. -- Rob Mueller r...@fastmail.fm _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
