[TOOLS-DEVELOPMENT] Mailman subscribe attacks - a new twist
Glen <glen@amsl.com> Thu, 17 September 2015 14:22 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/tools-development/P9mDSeRrvgUAD_tFzYqgDbOkUpM>
Greetings again:

Loa is reporting that on his list he is now getting subscribe attacks for email-to-SMS gateway addresses. He reports that he's received about 20 of the following types of subscribe requests in the last day:

2524063603@mms.att.net

Obviously, flooding cell phones with junk mail is much more invasive than random GMail addresses.

Since this attack targets a US-based carrier, I have applied the same divert-to-secretariat behavior to addresses containing the four primary US cellular carrier domains:

txt.att.net
mms.att.net
vtext.com
tmomail.net
sprintpcs.com

I did a check, and we have exactly zero users on any of our lists in any of these domains. (Which makes sense, most IETF list messages are far too long to deal with over SMS.) I therefore expect that this additional step will have no impact on the community.

As an aside, an interesting, if incomplete, resource for gateway addresses is here:

http://www.emailtextmessages.com/

I obviously do not intend to apply diversion to all of the domains in their list, but I include it just for interest.

As always, any questions, let me know!

Glen

Glen Barney
IT Director
AMS (IETF Secretariat)
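The diversion rule and the membership check described in the message above, sketched as an added example; this is not Mailman's code or the Secretariat's actual configuration. The function names, the "divert"/"normal" labels and the whole-label suffix matching are assumptions made for illustration; only the domain list comes from the message.

```python
# Added illustration; not Mailman's or the IETF Secretariat's code.
# Gateway domains exactly as listed in the message above.
SMS_GATEWAY_DOMAINS = frozenset({
    "txt.att.net", "mms.att.net", "vtext.com", "tmomail.net", "sprintpcs.com",
})


def address_domain(address):
    """Return the normalised domain of a bare address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.rstrip(".").lower()  # DNS names are case-insensitive
    if not sep or not local or not domain:
        return None
    return domain


def is_sms_gateway(address):
    """True when the domain equals, or is a subdomain of, a listed gateway."""
    domain = address_domain(address)
    if domain is None:
        return False
    labels = domain.split(".")
    # Compare whole label suffixes so "notvtext.com" does not match "vtext.com".
    return any(".".join(labels[i:]) in SMS_GATEWAY_DOMAINS
               for i in range(len(labels)))


def route_subscribe_request(address):
    """Hypothetical routing decision for one subscribe request."""
    # Malformed input is left to the list server's normal validation.
    return "divert" if is_sms_gateway(address) else "normal"


def audit_members(members):
    """Existing members the rule would affect (the impact check)."""
    return sorted(m for m in members if is_sms_gateway(m))


if __name__ == "__main__":
    # Constructed sample requests; the numbers are placeholders.
    for req in ["5550100@MMS.ATT.NET", "user@example.org",
                "5550101@notvtext.com", "5550102@sub.vtext.com"]:
        print(req, "->", route_subscribe_request(req))
    print("affected members:", audit_members(["a@example.org"]))
```

Running `audit_members` over a list's roster before enabling the rule reproduces the "zero users in these domains" check from the message.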