Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-18 Thread John Levine via mailop
It appears that Richard Clayton via mailop said: >you have not been paying attention ... it's called list-bombing (Google >will find you many references) > >it dates from 2017 or so ... here's an early high-viz example > >fo

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-18 Thread Richard Clayton via mailop
In message <6104b9876b594050d36ca90ca6a169cda7a8e684.ca...@fiebig.nl>, Tobias Fiebig via mailop writes >A bit of digging found several end-user reports of the following MO: > >- Get phished >- Something expensive is bought >- Mailbox is overflown right when the notification of the transaction >co

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-13 Thread Tobias Fiebig via mailop
Moin, > Create a random generated mail address that the person needs to send > an email to. Verify SPF/DKIM/DMARC strictly, so forging is much > harder and reject it with a proper message, maybe with a link that > explains the result. Yeah. I thought about that. _Technically_ the whole thing can

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-13 Thread Tobias Fiebig via mailop
On Tue, 2024-03-12 at 15:46 -0700, Michael Peddemors via mailop wrote: > Tobias, > > This does sound like a typical 'mail bomb', and there are even > services you can rent to mail bomb an enemy.. > > Used to only see it in the gamer community, kid stuff.. but it is > more rare than you think.. so

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-13 Thread Marco Moock via mailop
Am 13.03.2024 um 08:39:17 Uhr schrieb Tobias Fiebig: > Which is part of the reason for this mail; Are there any best > practices beyond what i did above for preventing this form of abuse > (apart from 'wanna do "Captcha & Cloudflare" tonight' ? Create a random generated mail address that the pers

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-13 Thread Tobias Fiebig via mailop
Moin, > How do you prevent that abusers will enter many mail addresses and > you send out many test mails to people who never requested them? Now? Block-List skipping mail-sending for the most common providers and limiting in-flight tests for other domains. But with a sufficiently large botnet

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-13 Thread Marco Moock via mailop
Am 12.03.2024 um 19:19:50 Uhr schrieb Tobias Fiebig via mailop: > over the past 2-3 weeks, I saw a slightly more filled queue for email- > security-scans.org; A lot of users seemed to start tests, but never > received the corresponding test mails; In most cases, the ESP hat > shutdown delivery to

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-12 Thread Michael Peddemors via mailop
Tobias, This does sound like a typical 'mail bomb', and there are even services you can rent to mail bomb an enemy.. Used to only see it in the gamer community, kid stuff.. but it is more rare than you think.. sometimes it can go on for several days.. Usually, someone has p**'ed off someone

[mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-12 Thread Tobias Fiebig via mailop
Moin, over the past 2-3 weeks, I saw a slightly more filled queue for email- security-scans.org; A lot of users seemed to start tests, but never received the corresponding test mails; In most cases, the ESP hat shutdown delivery to these inboxes due to a sudden high volume of inbound messages, wit