On 05/10/2008 17:24, mike scott wrote:
On 5 Oct 2008 at 11:11, Harold Fuchs wrote:
On 05/10/2008 08:39, mike scott wrote:
(Everything snipped - can we put this subthread to rest please?)
/IF/ a mailicious mail account has /everything/ forwarded to a target
victim, there is no problem at all for the victim to unsubscribe the
mailicious account from this list, even without any access to that
malicious account. They do need to know the email address of the
account.
They just send an unsub email with that malicious address as sender.
Because of the forwarding, they will receive the unsub confirmation
request. They then reply to this.
Job done.
I think that's right but what puzzles me is how to subscribe some else
in the first place. When one subscribes one receives the same sort of
"please confirm" message as one gets when one unsubscribes. So if *you*
tried to subscribe *me*, I'd get the "please confirm" message and just
wouldn't do it. Would someone please explain what I'm missing here?
You're missing that the bad guy sets up the intermediate account,
subscribes it, and only /then/ sets up forwarding to the victim.
Yup. Mea culpa.
--
Harold Fuchs
London, England
Please reply *only* to users@openoffice.org