>Therefore we can conclude that mailbacks are useless,
>unsafe, worthless? The logic escapes me.
I said I wouldn't get into it, but... Jeez, Murr, you can be very
dense at times.
No, I never said that. I never implied that. I never even hinted that.
What I did, in fact, hint, is that systems using mailbacks ought to
be FIXED to fix this other attack as well.
>> I first documented these attacks back in, oh, 1996 or so. But
>> whatever. This isn't an argument I'll get into.
>
>I've had various servers online since 1994. I've never seen an
>info/confirm attack. My personal experience says it's quite rare.
When I was running Majordomo on my Apple site, I saw them at least
weekly. Maybe the Mac anti-PC bigots are smarter than your users or
something. I think the record I saw was one poor idiot who was hit
with over 2000 info files in a four-hour period.
The answer is quite simple: list servers (and mailbots, and vacation
bots and ANYTHING that auto-responds) need to rate-limit their
replies to an address. With a vacation bot it's simple, and the
standard vacation program has that feature. With MLMs, it's
trickier, but doable. And should be done. But since Murr has never
seen this, I guess we needn't bother, since if he hasn't seen it, it
can't possibly exist.
--
Chuq Von Rospach - Plaidworks Consulting (mailto:[EMAIL PROTECTED])
Apple Mail List Gnome (mailto:[EMAIL PROTECTED])
We're visiting the relatives. Cover us.
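
One way to implement the per-address reply limit described in the message above, as an added example that is not part of the original post or of any list server's code. The class name, the limit of 3 replies per hour and the sample addresses are assumptions, and the request flood is constructed data sized after the 2000-in-four-hours case.

```python
from collections import defaultdict, deque
from email.utils import parseaddr


class ReplyLimiter:
    """Sliding-window cap on automatic replies sent to any one address.
    Hypothetical helper; the default limits are assumptions."""

    def __init__(self, max_replies=3, window_seconds=3600):
        self.max_replies = max_replies
        self.window = window_seconds
        self.sent = defaultdict(deque)  # normalized address -> send times

    @staticmethod
    def normalize(header_value):
        # Key on where the reply would go, ignoring display name and case,
        # because a forged request names the victim, not the real sender.
        return parseaddr(header_value)[1].strip().lower()

    def allow(self, reply_to, now):
        addr = self.normalize(reply_to)
        if not addr:
            return False  # no usable address: never auto-reply
        stamps = self.sent[addr]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # forget replies older than the window
        if len(stamps) >= self.max_replies:
            return False  # over the cap: drop silently, send nothing
        stamps.append(now)
        return True


def constructed_requests():
    # Constructed sample: 2000 forged "info" requests, one every 7 seconds
    # (under four hours), plus one genuine request from another address.
    flood = [(i * 7, "Victim <VICTIM@example.org>") for i in range(2000)]
    return sorted(flood + [(60, "subscriber@example.net")])


def replies_sent(requests, limiter):
    """Count the auto-replies each address would actually receive."""
    delivered = defaultdict(int)
    for now, from_header in requests:
        if limiter.allow(from_header, now):
            delivered[limiter.normalize(from_header)] += 1
    return dict(delivered)


if __name__ == "__main__":
    print(replies_sent(constructed_requests(), ReplyLimiter()))
```

The limiter state has to be shared by every auto-responding command (info, confirm, help), otherwise each command gets its own allowance toward the same address.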