On Sat, 9 Dec 2000, Chuq Von Rospach wrote:

> When someone sends a message to a majordomo site that has it
> send you 100 copies of each info file, to be honest, Murr, I
> don't think the person bombed really cares about the
> semantical difference you're arguing about.

So we have one form of mail bombing that we can eliminate
completely by using mailback.  We have another form of mail
bombing that isn't affected one way or the other by using
mailbacks.  Therefore we can conclude that mailbacks are useless,
unsafe, worthless?  The logic escapes me.  The fact that other
abuses are still possible doesn't change the fact that mailback
confirmation prevents a common form of mail bombing.  The only
certain method to eliminate all forms of mailing list server
abuse is to eliminate all servers.  Not very practical.  
Mailback confirmation is effective and serves a practical
purpose.

> I first documented these attacks back in, oh, 1996 or so. But
> whatever. This isn't an argument I'll get into.

I've had various servers online since 1994.  I've never seen an
info/confirm attack.  My personal experience says it's quite rare.
A few years ago, I saw lots of attempted subscribe forgeries,
especially when some idiot recommended forged subscriptions as a
revenge technique in a major computer magazine.  Forged
subscriptions have been a non-issue since I switched to
confirmation required server wide.


- murr -

