virus or?

We received the following email, with an incredible number of email addresses in the cc: field. We did not even get the original message. Maybe someone has a virus on their computer? I am guessing this is every NOC email address in someone’s address book.
The email caused us to receive 45 auto-replies from around 5 different domains, that were forwarded to us (and all the addresses below), by digitalwest.net.

Randy

Received: from wiggum.snlo01.digitalwest.net ([65.164.24.67]) by communitech.net ; Mon, 25 Nov 2002 19:08:17 -0600
Received: from wiggum.snlo01.digitalwest.net (localhost [127.0.0.1])
by wiggum.snlo01.digitalwest.net (8.12.6/8.12.6/Debian-7) with ESMTP id gAQ0x0fN021784;
Mon, 25 Nov 2002 16:59:08 -0800
Received: (from mail@localhost)
by wiggum.snlo01.digitalwest.net (8.12.6/8.12.6/Debian-7) id gAQ0ljgR020003;
Mon, 25 Nov 2002 16:47:45 -0800

Looks like someone's address book or peering list.

^^^^^^^^^^^^^^

A really old peering list. :)

I got 46 in total, including the original.

Ain't auto-reply loops fun?

Maybe someone forwarded all the addresses to a public mailing list which is archived on the web in multiple places, and the addresses got harvested by spammers?

Oh well, if not, I'm sure it will happen shortly.

Joe

It appears to be caused by someone replying to all, instead of just the
originator of the message. Since most of the recipients were role accounts
under a ticketing system, the auto-responders took over, creating an
interesting loop. It provides a good reason why an auto-responder should
strip out the Cc: when sending a response.

The original message is below, although I still question its intent.

Please don't reply to the message if you receive it, it should die out.

Joe

*sigh*

Joe has almost got it. Apparently a Jim of ICG sent an e-mail to a
large collection of NOC contacts -- one of which was ours -- asking
about a holiday moratorium. It hit our (digitalwest.net) ticketing
system (RT2) which stripped off the Cc: line so I didn't see it when I
responded via e-mail to him via the queue. I had no idea he'd Cc:'d
anyone (and, by default, RT doesn't display the Cc: line in the e-mail
sent to queue watchers though it does display it in the web interface).
Since the recipient expansion is handled by RT and not the mail client
I could not see the horrendous list of Cc:'s. When my response
went back into our ticketing system to go out to Jim, RT expanded the
recipients list back out to include all of the original recipients.
Apparently Jim didn't know how to Bcc:... We turned off our
auto-responder immediately after we discovered what had happened to
mitigate NOC ticket system loops.

-jr
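
The behaviour discussed in this thread (an auto-responder that drops the Cc: list and does not answer other auto-responders), as an added example that is not from any poster and is not RT's code. It follows the RFC 3834 recommendations; `build_auto_reply`, the addresses and the sample message are constructed for illustration, and it assumes the delivery agent has recorded the envelope sender in `Return-Path`.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample: one request sent to many NOC role accounts via Cc:.
SAMPLE = (
    "Return-Path: <jim@example.net>\n"
    "From: Jim <jim@example.net>\n"
    "To: noc@example.org\n"
    "Cc: noc@a.example, noc@b.example, noc@c.example\n"
    "Subject: Holiday moratorium?\n"
    "Message-ID: <1@example.net>\n"
    "\n"
    "Do you have a change freeze planned?\n"
)

def build_auto_reply(raw, responder_addr):
    """Return an auto-reply, or None when replying could feed a loop."""
    msg = message_from_string(raw)
    # Never answer another machine: RFC 3834 marks those with Auto-Submitted.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None
    # Bulk or list traffic is not a person waiting for an acknowledgement.
    if msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "list"}:
        return None
    if msg.get("List-Id"):
        return None
    # Answer the envelope sender only; a null sender (<>) marks a bounce.
    sender = parseaddr(msg.get("Return-Path", ""))[1]
    if not sender or sender.lower() == responder_addr.lower():
        return None
    reply = EmailMessage()
    reply["From"] = responder_addr
    reply["To"] = sender  # single recipient; the Cc: list is deliberately dropped
    reply["Subject"] = "Auto: " + msg.get("Subject", "")
    reply["Auto-Submitted"] = "auto-replied"  # lets peer responders ignore us
    if msg.get("Message-ID"):
        reply["In-Reply-To"] = msg["Message-ID"]
        reply["References"] = msg["Message-ID"]
    reply.set_content("Your message has been received and a ticket was opened.")
    return reply
```
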

* Joe Wood <joew@accretive-networks.net> [20021125 22:29]: