On Fri, 8 Feb 2002, Knud Erik Højgaard wrote: > cnn.com has similar stuff with their mailing lists. The best part > about their lists is that they require no 'approval' of joining the > list - they just start sending you mails. Always great coming back > from a holiday just to see your mailbox flooded with a few hundred > mails. I was considering posting about this, but you beat me to it. Cnet / Ziff Davis suffer the same problem. Recently, this was used by a disgruntled ex-coworker to harass me. It seems it's much easier for someone else to subscribe you to these lists than it is to get off of them. Requests to be removed are responded to with "go to this URL to switch your subscription between HTML or plain text format messages." ARGH!!! As an experiment, I went to CNET's web site, found the URL to subscribe to a few lists, and subscribed a bogus address on a domain I own. This was done via a simple web form with no confirmation whatsoever. They've been sending messages (which bounce back with 'no such user' errors) for 3 days so far. Depending on the mail software they're using, this might provide for an interesting DoS against CNET's mailing list servers. CNET is aware of this problem but seems unmotivated to do anything about it. -- ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
