Weird Amazon answer on mailing list post
Matthias Andree
matthias.andree at gmx.de
Tue Dec 6 12:41:47 CET 2005
David Relson <relson at osagesoftware.com> writes:
> On Mon, 05 Dec 2005 19:12:24 +0100
> Boris 'pi' Piwinger wrote:
>
>> Hi!
>>
>> Minutes ago I sent a message to this list. I then received
>> this message:
>
>
> Hi pi,
>
> service at amazon.com was subscribed to this list. Since that address is
> "outgoing only" and doesn't accept email, the list message bounced.
Have they managed to return the authentication token to the list
server? Do they return the full message of the user?
If so, someone may have forged Amazon's sender address and cause them to
subscribe them - this however requires Amazon sends bounces with
non-null envelope.
Similar things have been observed with "auto-acked" qsecretary
challenges on list.cr.yp.to, when spam with forged sender address made
it through to the list.
> I've exercised my discretion as list mangler and unsubscribed the
> address.
Perhaps it should be banned if it's a known bad autoresponder.
--
Matthias Andree
More information about the Bogofilter
mailing list