idiot reponse seems to no longer exist. how should i be whining
about the following?

I send to, but I never hear back.

I had sent this privately but I thought/think: nanog-admin@

I could totally be wrong :slight_smile:

postfix =)

/^From: .* DISCARD

Wtf kinda one word response is that lol

This (or what it appears to be) is happening on an increasing number of mail lists. It’s not many but it’s there I don’t know who is behind it or why, but it’s an increasing annoyance.

This is a quick summary of what seems to be happening:
(1) A legitimate company’s or organisation’s helpdesk email address is signed up to a mail list like this one.
(2) Every time someone posts to the list, they receive an automated notification from the helpdesk.
(3) On mail lists where DMARC mitigation is in effect, the notification comes back to the mail list.
(4) A consistent pattern is that the helpdesk staff seem utterly incapable of unsubscribing themselves from the list. They always seem to need to be unsubscribed by a list admin.

The key question to my mind is how do these helpdesks get signed up at all? Presumably it’s not the helpdesk staff themselves signing them up. It would appear that someone, somewhere has found a vulnerability in Mailman (as far as I can recall I’ve only seen this on Mailman lists) and is intentionally signing up legitimate company helpdesks to mail lists.

Lists with an active admin/mod can fix the problem quickly by unsubscribing the helpdesk.

Is it an attempted (rather feeble) DoS on the mail lists affected, on the concept of a mail list, or on the companies affected? I don’t know. I can’t see any real point to it. But it’s happening.

I’ve also seen employees leaving companies and their addresses being rerouted to the support mailbox.

That’s a very interesting point. I had not considered it as a possible cause of this problem.

Wtf kinda one word response is that lol

You missed the very important second line of the response, which makes the first, one-word line meaningful.

Go back and read it again. :wink:


There is a partial fix for this, at least for anyone using Mailman to run
their lists (e.g., nanog):

Set Mailman so that all new subscribers are moderated by default.

Either new subscriber X will one day send real content to the list
or they won't. If it's the latter, then it is very simple to use
Mailman's interface to simultaneously (a) approve the message for
distribution and (b) clear their moderation flag. If it's the
former, then the message will only be seen by the list-owners and
won't bother everyone on the list. [1]

This doesn't help with copies that are sent directly to list-members,
however. The fix for that is for responsible list owners (a) to
be available at the -owner address (per RFC 2142 and decades of best
practices) so that they can field problem reports and (b) to use Mailman
to (a) unsubscribe the errant address and (b) ban it. I'd also recommend
that they (c) publicly announce such actions with an "administrivia" Subject
line on-list so that list members can take corresponding actions in their
own mail systems.

If nanog-owner isn't responding then that's a serious lapse and
needs to be corrected immediately. Doing so is a fundamental part
of basic mailing list administration.

I'd also strongly recommend that list-owners have Mailman configured
to notify them of all subscribe/unsubscribe events and/or to require
manual list-owner approval for subscriptions. Interposing human
beings in the process doesn't solve this problem but it provides
the opportunity to detect and quash it early on.


[1] Note that this is also a partial defense against accounts which
are hijacked and turned into bots. Given that -- on most mailing lists
and especially on large ones -- the overwhelming majority of subscribers
will *never* send any traffic, nothing is lost by doing this. But on
the day when an account is hijacked and suddenly starts sending large
amounts of traffic, none of of it will get through to the mailing list.