Re: [OAUTH-WG] Recent Spam

Glen <> Thu, 14 November 2019 21:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9FAF6120043 for <>; Thu, 14 Nov 2019 13:02:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -104.2
X-Spam-Status: No, score=-104.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2UjQKAlqbjYY for <>; Thu, 14 Nov 2019 13:02:44 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7072712002E for <>; Thu, 14 Nov 2019 13:02:44 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTPS id 341D2202E94 for <>; Thu, 14 Nov 2019 13:01:56 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTPSA id 15E2E202EB0 for <>; Thu, 14 Nov 2019 13:01:56 -0800 (PST)
Received: by with SMTP id l14so6122346oti.10 for <>; Thu, 14 Nov 2019 13:02:44 -0800 (PST)
X-Gm-Message-State: APjAAAXtjPOpxpC8kCmbxZvZ9jGa2CL6M8eUI8GhotxpdTJfyMRpO+j0 A1Y2AS0Si+BfCOJpPWLQHL4BlwG92pjSzMagBY0=
X-Google-Smtp-Source: APXvYqyXe+OPtlaA++Yyxy/V8TFL2VcodB7YtX5KG0/+dcghRVSU9whaMjCH4Z5+1uihM2w6bvUaU2HyN/I0Br0+jR8=
X-Received: by 2002:a05:6830:2316:: with SMTP id u22mr1526648ote.100.1573765363547; Thu, 14 Nov 2019 13:02:43 -0800 (PST)
MIME-Version: 1.0
From: Glen <>
Date: Thu, 14 Nov 2019 13:02:32 -0800
X-Gmail-Original-Message-ID: <>
Message-ID: <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [OAUTH-WG] Recent Spam
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 14 Nov 2019 21:02:47 -0000

All -

On Wed, 13 November 2019 12:41 UTC, Rifaat Shekh-Yusef
<> wrote:
> The chairs are aware of the issue, as we receive notifications to
> approve these messages sent by non-members.
> We have been receiving these emails for few weeks now, and Glen from IETF
> IT is also aware of the issue and he took some measures to try to address
>  this.  Glen also contacted the ISP but unfortunately he did not hear back from
> them.

I'm not on this list, but in the process of checking a few spam
complaints we've received, I noticed this message in the archive, and
wanted to clarify further:

The OAUTH list - along with about four other lists - was the victim of
a subscribe attack, in which large numbers of valid, harvested email
addresses were subscribed to the OAUTH list without the knowledge of
the account holders. was one of the targeted domains, as
was AOL and GMAIL.


I have no idea what the attackers tried to gain - get the IETF
blacklisted with ISPs, perhaps?

It was relatively simple to remove the sympatico and AOL addresses,
but we have lots of legitimate users who use GMail, so I was hesitant
to try bulk-removing all of those addresses!

OAUTH - at 1003 members (currently) is one of the IETF's larger lists,
so there may be other people on here also who didn't ask to be signed

As complaints come in, we're removing people, and as attacks come in
(and there are a TON of attacks against the IETF every day, which is
why I look the way I do) we block them, but it is something of a game
of leapfrog.   We appreciate everyone's patience as we continue to
deal with these ongoing, and bizarre, attacks.

Glen Barney
IT Director
AMS (IETF Secretariat)