<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-7">
</head>
<body>
<p>I've also seen employees leaving companies and their addresses
being rerouted to the support mailbox.<br>
<br>
-- <br>
Patrick<br>
</p>
<div class="moz-cite-prefix">Am 27.02.2020 um 01:25 schrieb Mark
Rousell:<br>
</div>
<blockquote type="cite" cite="mid:5E570C77.9020108@signal100.com">
<meta content="text/html; charset=ISO-8859-7"
http-equiv="Content-Type">
On 26/02/2020 16:24, Randy Bush wrote:<br>
<blockquote cite="mid:m2o8tluxjw.wl-randy@psg.com" type="cite">
<pre wrap=""><a class="moz-txt-link-abbreviated" href="mailto:action@nanog.org" moz-do-not-send="true">action@nanog.org</a> seems to no longer exist. how should i be whining
about the following?
From: Electric Forest Festival <a class="moz-txt-link-rfc2396E" href="mailto:info@electricforestfestival.com" moz-do-not-send="true"><info@electricforestfestival.com></a>
Subject: Forest HQ Has Received Your Message: Re: Hi-Rise Building Fiber Suggestions
To: <a class="moz-txt-link-abbreviated" href="mailto:randy@psg.com" moz-do-not-send="true">randy@psg.com</a>
Date: Wed, 26 Feb 2020 16:15:25 +0000
Electric Forest 2020 will take place on June 25-28, 2020. Forest HQ has received your email. Help save precious resources by reviewing the information below and looking up common questions in The Forest Frequently Asked Questions: Experience.ElectricForestFestival.com Please contact Festival Ticketing Support at 855-279-6941 for all issue regarding your purchase or for account troubleshooting. Electric Forest is sold out.�Lyte is the only HQ endorsed way to get passes now that it�s sold out. To know when all things Electric Forest 2020 are happening sign up to the EF Newsletter. Happy Forest!
</pre>
</blockquote>
<br>
This (or what it appears to be) is happening on an increasing
number of mail lists. It's not many but it's there I don't know
who is behind it or why, but it's an increasing annoyance.<br>
<br>
This is a quick summary of what seems to be happening:<br>
(1) A legitimate company's or organisation's helpdesk email
address is signed up to a mail list like this one.<br>
(2) Every time someone posts to the list, they receive an
automated notification from the helpdesk.<br>
(3) On mail lists where DMARC mitigation is in effect, the
notification comes back to the mail list.<br>
(4) A consistent pattern is that the helpdesk staff seem utterly
incapable of unsubscribing themselves from the list. They always
seem to need to be unsubscribed by a list admin.<br>
<br>
The key question to my mind is how do these helpdesks get signed
up at all? Presumably it's not the helpdesk staff themselves
signing them up. It would appear that someone, somewhere has found
a vulnerability in Mailman (as far as I can recall I've only seen
this on Mailman lists) and is intentionally signing up legitimate
company helpdesks to mail lists.<br>
<br>
Lists with an active admin/mod can fix the problem quickly by
unsubscribing the helpdesk.<br>
<br>
Is it an attempted (rather feeble) DoS on the mail lists affected,
on the concept of a mail list, or on the companies affected? I
don't know. I can't see any real point to it. But it's happening.<br>
<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Mark Rousell</pre>
</blockquote>
</body>
</html>