[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unsubscribe DoS

----- Original Message -----
From: "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx>
To: "'Frank Knobbe'" <frank@xxxxxxxxx>; <vuln-dev@xxxxxxxxxxxxxxxxx>
Sent: Saturday, December 21, 2002 12:19 AM
Subject: RE: Unsubscribe DoS

> Many of these "unsubscribe" urls are just a way of verifying that the
> address is a valid one.  Probes, of a sort.

Indeed - ever noticed how spammers offering "verified" email addresses
charge more for their mailing lists?

It's a quandry we're in at the moment - the company I work for (we build and
host websites) have some custom written software for mailing visitors to
sites who have double opted in to mailing lists run by the sites, but even
with this double opt in there are always people who have forgotten they've
done it and want off the list. We provide an unsubscribe link (which does
what it's supposed to) but also add an X-Header that is a message from the
systems team saying "We're trying to do this as responsibly as possible, etc

I don't like being involved in this, but there given there isn't much I can
do about it, I'm at least trying to do it as responsibly as possible.


John Dow