Barbara Duprey wrote: > mike scott wrote: >> (Everything snipped - can we put this subthread to rest please?) >> >> /IF/ a mailicious mail account has /everything/ forwarded to a target >> victim, there is no problem at all for the victim to unsubscribe the >> mailicious account from this list, even without any access to that >> malicious account. They do need to know the email address of the >> account. >> >> They just send an unsub email with that malicious address as sender. >> Because of the forwarding, they will receive the unsub confirmation >> request. They then reply to this. >> >> Job done. > > Trouble is, under some circumstances that doesn't seem to work, and we > haven't pinned down the circumstances yet. For example, I've tried > setting up a mimic account in Thunderbird and been stopped by a > request for a password for the account when I try to send; for some > reason, it doesn't always act the same with my configuration. > Apparently some SMTP servers at least sometimes verify either the > existence of an account (which would not be a problem in this case, > because the problem account is still active to redirect the messages), > or the authority to send messages from it. >
Of course, if there's an account that's being used to forward the messages, then there's an account to verify against. That's the purpose of our experiment. I know your account is valid, but I have never configured my computer to send or receive email. If this works, you'd be able to unsubscribe that address, assuming I had subscribed it to the list. Feel free to try creating an account in your email program, using my gmail address and then sending a message to me from it, using your ISPs SMTP server. You should find my gmail account in that message I sent to you via it. -- Use OpenOffice.org <http://www.openoffice.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]