Hosting Provided By

Re: Unsubscribe DoS

From: John Dow <jmd(at)nelefa.org>
Date: Sat Dec 21 2002 - 04:48:51 EST

Original Message ----- From: "Arnold, Jamie" <harnold@binghamton.edu> To: "'Frank Knobbe'" <frank@knobbe.us>; <vuln-dev@securityfocus.com> Sent: Saturday, December 21, 2002 12:19 AM Subject: RE: Unsubscribe DoS

> Many of these "unsubscribe" urls are just a way of verifying that the
email
> address is a valid one. Probes, of a sort.

Indeed - ever noticed how spammers offering "verified" email addresses charge more for their mailing lists?

It's a quandry we're in at the moment - the company I work for (we build and host websites) have some custom written software for mailing visitors to sites who have double opted in to mailing lists run by the sites, but even with this double opt in there are always people who have forgotten they've done it and want off the list. We provide an unsubscribe link (which does what it's supposed to) but also add an X-Header that is a message from the systems team saying "We're trying to do this as responsibly as possible, etc etc".

I don't like being involved in this, but there given there isn't much I can do about it, I'm at least trying to do it as responsibly as possible.

--
John Dow
http://www.nelefa.orghttp://www.miserable-bastard.com

Received on Sun Dec 22 13:18:42 2002

This message: [ Message body ]
Next message: Dan Kaminsky: "Release: Paketto Keiretsu 1.10"
Previous message: appsec(at)technicalinfo.net: "Re: Cross site scripting explained"
In reply to Arnold, Jamie: "RE: Unsubscribe DoS"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT