They aren't. They're BURYING the target in thousands of confirmation requests.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ?

-----Original Message-----
From: Mark Jeftovic [mailto:mar...@easydns.com]
Sent: Thursday, June 30, 2016 9:00 AM
To: Michael Wise <michael.w...@microsoft.com>; mailop@mailop.org
Subject: Re: [mailop] automated looking mailchimp opt-ins (confused by)

Wait - if this is an attack against the recipient, how are they *confirming* the opt-in in an opt-in and confirm situation?

- mark

On 2016-06-30 10:40 AM, Michael Wise wrote:
> Yeah.
>
> I can imagine a way to block it if one leverages DKIM and DMARC to
> send a subscribe message FROM the user with a cookie in the Subject,
> based on a mailto: link on a webform, and if the signatures
> validate... Consider that sufficient?
>
> But otherwise, unsure how to block it on the receiving end without
> some new code. We may have to write it, though.
>
> Aloha,
> Michael.
> --
> Sent from my Windows Phone
> ------------------------------------------------------------------------
> From: Mark Jeftovic <mailto:mar...@easydns.com>
> Sent: 6/30/2016 6:45 AM
> To: Michael Wise <mailto:michael.w...@microsoft.com>; mailop@mailop.org <mailto:mailop@mailop.org>
> Subject: Re: [mailop] automated looking mailchimp opt-ins (confused by)
>
> Oh I see. It's the opt-in and confirm version of a reflection attack.
>
> Interesting, and yes, pretty nasty.
>
> - mark
>
> On 2016-06-30 4:55 AM, Michael Wise wrote:
>> No.
>>
>> From what we see, it *SEEMS* to be that they are attacking others by
>> flooding the target with confirmation requests from many thousands of
>> lists all at once, one or more of which might be yours.
>>
>> In other words, you are not the nail, you're the hammer.
>>
>> It's a horrible attack, because it's a legitimate thing to do,
>> sending a confirm message.
>> How are you to know that the recipient has
>> received a thousand others just like it in the past minute from all around
>> the globe?
>>
>> This is just a theory, but we've dealt with the cleanup of a number
>> of cases like this where our customers were on the receiving end.
>>
>> Aloha,
>> Michael.
>> --
>> Sent from my Windows Phone
>> ------------------------------------------------------------------------
>> From: Mark Jeftovic <mailto:mar...@easydns.com>
>> Sent: 6/29/2016 8:17 PM
>> To: mailop@mailop.org <mailto:mailop@mailop.org>
>> Subject: Re: [mailop] automated looking mailchimp opt-ins (confused by)
>>
>> What do you mean when you say "they are attacking people for hire." ?
>>
>> Do you mean they are hired to attack our list?
>>
>> - mark
>>
>>
>> On 2016-06-29 10:19 PM, Michael Wise via mailop wrote:
>>>
>>> This ... is an attack with which I have become rather familiar.
>>> I'm guessing that all the subscription request web connects are coming from
>>> Eastern Europe....
>>>
>>> They are attacking people for hire.
>>> They flood the target accounts with thousands of subscription confirmations.
>>>
>>> Dig a bit deeper and let me know if my suspicions are correct.
>>> You may want to throttle/blacklist connections from any IP that submits
>>> requests for more than 1 mailing-list every ... N seconds?
>>>
>>> Just a hunch, but I'd be surprised if I was in error on this.
>>>
>>> Aloha,
>>> Michael.
>>>
>>
>> --
>> Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
>> Company Website: http://easydns.com
>> Read my blog: http://markable.com
>> +1-416-535-8672 ext 225
>>
>> _______________________________________________
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
> --
> Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
> Company Website: http://easydns.com
> Read my blog: http://markable.com
> +1-416-535-8672 ext 225

--
Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read my blog: http://markable.com
+1-416-535-8672 ext 225

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
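
A sketch of the throttle suggested in the thread above ("any IP that submits requests for more than 1 mailing-list every ... N seconds"), added here as an illustration; it is not code from any participant or from a list provider. The class name, the 60-second window, the one-hour block and the sample events are assumptions, and the key is generic so a provider hosting many lists could also key on the target address instead of the source IP.

```python
from collections import defaultdict, deque


class DistinctListThrottle:
    """Refuse signups from a key (e.g. source IP) that asks for more than
    `max_lists` distinct mailing lists within `window_s` seconds.
    All thresholds are assumptions to tune, not values from the thread."""

    def __init__(self, window_s=60.0, max_lists=1, block_s=3600.0):
        self.window_s = window_s
        self.max_lists = max_lists
        self.block_s = block_s
        self._recent = defaultdict(deque)  # key -> deque of (ts, list_id)
        self._blocked_until = {}           # key -> unix time the block ends

    def allow(self, key, list_id, now):
        """Return True if the confirmation mail may be sent."""
        if self._blocked_until.get(key, 0.0) > now:
            return False                   # still serving an earlier block
        q = self._recent[key]
        while q and now - q[0][0] > self.window_s:
            q.popleft()                    # drop requests outside the window
        q.append((now, list_id))
        # Retries on the SAME list are normal; many DIFFERENT lists are not.
        if len({lid for _, lid in q}) > self.max_lists:
            self._blocked_until[key] = now + self.block_s
            return False
        return True


# Constructed sample events: (unix_ts, source_ip, list_id)
EVENTS = [
    (1000.0, "192.0.2.10", "list-a"),    # first request: allowed
    (1002.0, "192.0.2.10", "list-b"),    # second list within 60 s: blocked
    (1003.0, "192.0.2.10", "list-c"),    # block still in force
    (1005.0, "198.51.100.7", "list-a"),  # ordinary subscriber
    (1010.0, "198.51.100.7", "list-a"),  # retry on the same list: allowed
    (1200.0, "198.51.100.7", "list-b"),  # different list, outside the window
    (5000.0, "192.0.2.10", "list-a"),    # block (until 4602) has expired
]


def replay(events, throttle=None):
    """Run events in time order and return one allow/deny decision each."""
    throttle = throttle or DistinctListThrottle()
    return [throttle.allow(ip, lid, ts) for ts, ip, lid in events]


if __name__ == "__main__":
    for ev, ok in zip(EVENTS, replay(EVENTS)):
        print(ev, "send confirmation" if ok else "suppress")
```

Keyed on source IP this only catches a submitter that reuses an address across lists; a single list operator cannot see requests made to other operators' lists, which is the limitation the thread describes.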