Mailing List Archive

idiot reponse
action@nanog.org seems to no longer exist. how should i be whining
about the following?

From: Electric Forest Festival <info@electricforestfestival.com>
Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions
To: randy@psg.com
Date: Wed, 26 Feb 2020 16:15:25 +0000

Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out.?Lyte is the only HQ endorsed way to get passes now that it?s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!
Re: idiot reponse [ In reply to ]
I send to nanog-owner@nanog.org, but I never hear back.




-----
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP

----- Original Message -----

From: "Randy Bush" <randy@psg.com>
To: "North American Network Operators' Group" <nanog@nanog.org>
Sent: Wednesday, February 26, 2020 10:24:03 AM
Subject: idiot reponse

action@nanog.org seems to no longer exist. how should i be whining
about the following?

From: Electric Forest Festival <info@electricforestfestival.com>
Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions
To: randy@psg.com
Date: Wed, 26 Feb 2020 16:15:25 +0000

Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out. Lyte is the only HQ endorsed way to get passes now that it’s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!
Re: idiot reponse [ In reply to ]
On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett <nanog@ics-il.net> wrote:

> I send to nanog-owner@nanog.org, but I never hear back.
>
>
>
I had sent this privately but I thought/think: nanog-admin@

I could totally be wrong :)
Re: idiot reponse [ In reply to ]
postfix =)

/^From: .*@electricforestfestival\.com/ DISCARD

On Wed, 26 Feb 2020 at 09:54, Christopher Morrow <morrowc.lists@gmail.com>
wrote:

>
>
> On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett <nanog@ics-il.net> wrote:
>
>> I send to nanog-owner@nanog.org, but I never hear back.
>>
>>
>>
> I had sent this privately but I thought/think: nanog-admin@
>
> I could totally be wrong :)
>
Re: idiot reponse [ In reply to ]
Wtf kinda one word response is that lol

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Feb 26, 2020, at 15:03, Selphie Keller <selphie.keller@gmail.com> wrote:
>
> ?
> postfix =)
>
> /^From: .*@electricforestfestival\.com/ DISCARD
>
>> On Wed, 26 Feb 2020 at 09:54, Christopher Morrow <morrowc.lists@gmail.com> wrote:
>>
>>
>>> On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett <nanog@ics-il.net> wrote:
>>> I send to nanog-owner@nanog.org, but I never hear back.
>>>
>>>
>>
>> I had sent this privately but I thought/think: nanog-admin@
>>
>> I could totally be wrong :)
Re: idiot reponse [ In reply to ]
On 26/02/2020 16:24, Randy Bush wrote:
> action@nanog.org seems to no longer exist. how should i be whining
> about the following?
>
> From: Electric Forest Festival <info@electricforestfestival.com>
> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions
> To: randy@psg.com
> Date: Wed, 26 Feb 2020 16:15:25 +0000
>
> Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out. Lyte is the only HQ endorsed way to get passes now that it?s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!

This (or what it appears to be) is happening on an increasing number of
mail lists. It's not many but it's there I don't know who is behind it
or why, but it's an increasing annoyance.

This is a quick summary of what seems to be happening:
(1) A legitimate company's or organisation's helpdesk email address is
signed up to a mail list like this one.
(2) Every time someone posts to the list, they receive an automated
notification from the helpdesk.
(3) On mail lists where DMARC mitigation is in effect, the notification
comes back to the mail list.
(4) A consistent pattern is that the helpdesk staff seem utterly
incapable of unsubscribing themselves from the list. They always seem to
need to be unsubscribed by a list admin.

The key question to my mind is how do these helpdesks get signed up at
all? Presumably it's not the helpdesk staff themselves signing them up.
It would appear that someone, somewhere has found a vulnerability in
Mailman (as far as I can recall I've only seen this on Mailman lists)
and is intentionally signing up legitimate company helpdesks to mail lists.

Lists with an active admin/mod can fix the problem quickly by
unsubscribing the helpdesk.

Is it an attempted (rather feeble) DoS on the mail lists affected, on
the concept of a mail list, or on the companies affected? I don't know.
I can't see any real point to it. But it's happening.



--
Mark Rousell
Re: idiot reponse [ In reply to ]
I've also seen employees leaving companies and their addresses being rerouted to the support mailbox.

--
Patrick

Am 27.02.2020 um 01:25 schrieb Mark Rousell:
> On 26/02/2020 16:24, Randy Bush wrote:
>> action@nanog.org seems to no longer exist. how should i be whining
>> about the following?
>>
>> From: Electric Forest Festival <info@electricforestfestival.com>
>> Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions
>> To: randy@psg.com
>> Date: Wed, 26 Feb 2020 16:15:25 +0000
>>
>> Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out.?Lyte is the only HQ endorsed way to get passes now that it?s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!
>
> This (or what it appears to be) is happening on an increasing number of mail lists. It's not many but it's there I don't know who is behind it or why, but it's an increasing annoyance.
>
> This is a quick summary of what seems to be happening:
> (1) A legitimate company's or organisation's helpdesk email address is signed up to a mail list like this one.
> (2) Every time someone posts to the list, they receive an automated notification from the helpdesk.
> (3) On mail lists where DMARC mitigation is in effect, the notification comes back to the mail list.
> (4) A consistent pattern is that the helpdesk staff seem utterly incapable of unsubscribing themselves from the list. They always seem to need to be unsubscribed by a list admin.
>
> The key question to my mind is how do these helpdesks get signed up at all? Presumably it's not the helpdesk staff themselves signing them up. It would appear that someone, somewhere has found a vulnerability in Mailman (as far as I can recall I've only
> seen this on Mailman lists) and is intentionally signing up legitimate company helpdesks to mail lists.
>
> Lists with an active admin/mod can fix the problem quickly by unsubscribing the helpdesk.
>
> Is it an attempted (rather feeble) DoS on the mail lists affected, on the concept of a mail list, or on the companies affected? I don't know. I can't see any real point to it. But it's happening.
>
>
>
> --
> Mark Rousell
Re: idiot reponse [ In reply to ]
On 27/02/2020 00:30, Patrick Schultz wrote:
>
> I've also seen employees leaving companies and their addresses being
> rerouted to the support mailbox.
>

That's a very interesting point. I had not considered it as a possible
cause of this problem.


--
Mark Rousell
Re: idiot reponse [ In reply to ]
On Wed, Feb 26, 2020 at 4:15 PM J. Hellenthal via NANOG <nanog@nanog.org>
wrote:

> Wtf kinda one word response is that lol
>


You missed the *very* important second line of the response, which makes
the first, one-word line meaningful.

Go back and read it again. ;)

Matt



>
> --
> J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says
> a lot about anticipated traffic volume.
>
> On Feb 26, 2020, at 15:03, Selphie Keller <selphie.keller@gmail.com>
> wrote:
>
> ?
> postfix =)
>
> /^From: .*@electricforestfestival\.com/ DISCARD
>
> On Wed, 26 Feb 2020 at 09:54, Christopher Morrow <morrowc.lists@gmail.com>
> wrote:
>
>>
>>
>> On Wed, Feb 26, 2020 at 11:46 AM Mike Hammett <nanog@ics-il.net> wrote:
>>
>>> I send to nanog-owner@nanog.org, but I never hear back.
>>>
>>>
>>>
>> I had sent this privately but I thought/think: nanog-admin@
>>
>> I could totally be wrong :)
>>
>
Re: idiot reponse [ In reply to ]
On Thu, Feb 27, 2020 at 12:25:27AM +0000, Mark Rousell wrote:
> This (or what it appears to be) is happening on an increasing number of
> mail lists. It's not many but it's there I don't know who is behind it
> or why, but it's an increasing annoyance.

There is a partial fix for this, at least for anyone using Mailman to run
their lists (e.g., nanog):

Set Mailman so that all new subscribers are moderated by default.

Either new subscriber X will one day send real content to the list
or they won't. If it's the latter, then it is very simple to use
Mailman's interface to simultaneously (a) approve the message for
distribution and (b) clear their moderation flag. If it's the
former, then the message will only be seen by the list-owners and
won't bother everyone on the list. [1]

This doesn't help with copies that are sent directly to list-members,
however. The fix for that is for responsible list owners (a) to
be available at the -owner address (per RFC 2142 and decades of best
practices) so that they can field problem reports and (b) to use Mailman
to (a) unsubscribe the errant address and (b) ban it. I'd also recommend
that they (c) publicly announce such actions with an "administrivia" Subject
line on-list so that list members can take corresponding actions in their
own mail systems.

If nanog-owner isn't responding then that's a serious lapse and
needs to be corrected immediately. Doing so is a fundamental part
of basic mailing list administration.

I'd also strongly recommend that list-owners have Mailman configured
to notify them of all subscribe/unsubscribe events and/or to require
manual list-owner approval for subscriptions. Interposing human
beings in the process doesn't solve this problem but it provides
the opportunity to detect and quash it early on.

---rsk

[1] Note that this is also a partial defense against accounts which
are hijacked and turned into bots. Given that -- on most mailing lists
and especially on large ones -- the overwhelming majority of subscribers
will *never* send any traffic, nothing is lost by doing this. But on
the day when an account is hijacked and suddenly starts sending large
amounts of traffic, none of of it will get through to the mailing list.