Log in

No account? Create an account


Abuse of mailing lists

« previous entry | next entry »
22nd Nov 2010 | 11:39

On the 2nd November, one of our users had the bright idea of promoting an event by CC:ing their ad to a very large number of our internal mailing lists, almost all of which were thoroughly inappropriate for the subject of the message. This is, of course, not allowed, and in such cases the perpetrator is usually invited to visit the office of my colleague who specializes in abuse (as it were) and/or their college authorities are asked to deal with it as a disciplinary matter.

Happily this kind of abuse is very rare - it's the first time it has happened to us for about ten years. However, just like last time, the first event has led to a very annoying series of copy-cat offenses, as various other thoughtless idiots have used "reply to all" to distribute their own off-topic bumf. I'm lucky that I don't have to tell them off myself, but I understand that their usual reaction is to whine "I thought it was OK because someone else did it".

We're trying various things to put a stop to this. Just getting the senders deaned isn't enough.

I added a simple clause to the Exim configuration on our mailing list system to freeze any message with too many recipients. This turned out not to be enough: one of the miscreants is a GMail user, and GMail splits a message so that there are at most 20 recipients per copy (even though the standard says 100 should work fine).

    condition = ${if >{$recipients_count}{25} }
    control   = freeze

So I added a second clause that freezes messages that have too many addresses in the To: and CC: headers. This still has the weakness of missing BCC:ed messages. (Edited: I came up with a more cunning regex which only counts @lists addresses, since counting all To: and CC: addresses led to far too many false positives.)

    condition = ${if >{${strlen:${sg {$h_To:,$h_CC:} \
                                     {(?s)(?!@lists[.]cam[.]ac[.]uk).} {} \
                      }}} {25} }
    control   = freeze

Freezing the messages is a fairly benign way of dealing with awkward edge cases, since we can inspect the frozen messages and either let them pass if they are OK, or bounce them or delete them if not. Messages that are frozen incorrectly just get delayed for a little while. We have used this technique for a while to detect spam from compromised accounts, so I already had the necessary support scripts.

I have also updated the message of the day on the Hermes webmail front page, to get the word out that this kind of idiocy is not tolerated. Hopefully we will not have to escalate to public floggings.

| Leave a comment |

Comments {8}

from: marnanel
date: 22nd Nov 2010 11:48 (UTC)

Hopefully we will not have to escalate to public floggings.

Bah, it's too good for 'em.

Reply | Thread

Gerald the cuddly duck

from: gerald_duck
date: 22nd Nov 2010 12:51 (UTC)

Pillory them on Senate House Lawn for a week with nothing but Spam® to eat.

Reply | Parent | Thread

The Uitlander

from: uitlander
date: 22nd Nov 2010 13:03 (UTC)

As the person tasked with slapping each miscreant as they emerge I have frequently been heard advocating the use of stocks on the Senate House lawn. Additional fun for all the family at graduation time!

Reply | Parent | Thread


from: oldbloke
date: 22nd Nov 2010 12:42 (UTC)

There's an argument that non-internal adresses shouldn't be able to send to internal lists except where explicitly permitted

Reply | Thread

Tony Finch

from: fanf
date: 22nd Nov 2010 12:49 (UTC)

Yes, and in our case this policy is delegated to the individual list managers.

Even so, this abuse is by our own users and most of them are using internal email services, so any internal/external distinction does not help.

Reply | Parent | Thread


from: mouse262_2
date: 23rd Nov 2010 00:13 (UTC)

Yes, and in our case this policy is delegated to the individual list managers.

I find it difficult to manage the configuration of lots of lists. Except by hand which becomes somewhat tedious when one manages about five dozen lists. What would be really nice is getting something like config_list so that I could copy the setup of one list to another and also reset lists that have strayed.

Reply | Parent | Thread

from: anonymous
date: 15th Feb 2011 11:55 (UTC)

Simple and sweet. I’m thinking of starting another blog or five pretty soon, and I’ll definitely consider this theme. Keep ‘em coming!

Reply | Thread


from: anonymous
date: 29th May 2011 09:28 (UTC)

Right on!

Reply | Thread