[Gllug] [OT] spam accident

ian at house-from-hell.demon.co.uk
Fri May 20 19:45:53 UTC 2005


trmsw at yahoo.co.uk wrote:

> Someone at work receives emails from an organisation who sent one
> particular email to about 200 people. The email somehow "got replicated"
> and filled up our POP server and many others with 1000s of copies of
> itself.
> 
> The organisation responsible for this accidental DOS have explained that
> this was because of a dodgy email server 'somewhere in Shropshire' madly
> spawning copies of the email, but I wondered if putting so many
> addresses into one email might be partly responsible. Has anyone come
> across something similar?

We did one recently :) The problem is caused by using To: or Cc: instead of Bcc:.

Our ancient proprietary (and under replacement) email software doesn't expand mailing lists on the To: or Cc: lines in the mail itself. So if you send an email to a ML which contains several external addresses, all the addressees see is "mailing-list at our-company.com". It is not obvious that this is a mailing list.

The accident in question required a conspiracy of idiots. Number one, in South Africa, requested the creation of some huge mailing lists of external customers. Number two, in India, spent all weekend creating them, and did not warn number 1 to use Bcc:.

On Monday, Idiot number one sent an email to these lists proudly announcing a new service. Using To:, not Bcc:.

So of course the recipients started to "reply all". They could only see two or three addresses in the "To:" so they didn't realise they were actually replying to hundreds of other people, via our server. Many of the recipients of these unintended emails complained, via reply all.

By Tuesday morning several of our customers were being mailbombed by this garbage and so the situation came to our attention. A colleague promptly deleted the lists idiot 2 had taken all weekend to create. It still took 2 days for the situation to come under control. And we weren't over popular with a number of customers, many of whom were savvy enough to realise that it was our fault, even though the garbage was "From:" other customers. Fortunately it was mostly restricted to southern Africa.

An edict has now gone out mandating Bcc: for such mailings :)

> Perhaps I should suggest they use proper mailing list software?

Not a bad idea.

Regards, Ian

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
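
The "Bcc: only" rule described in the message above can be enforced at submission time rather than by edict. The following is an added example, not part of the original post or of any software it mentions; the list aliases, addresses and sample messages are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical bulk-list aliases that may only be addressed via Bcc:.
BCC_ONLY_LISTS = {"customers-za@example.com", "customers-in@example.com"}

# Constructed sample submissions.
BAD = (
    "From: sales@example.com\n"
    "To: Customers <customers-za@example.com>, partner@example.net\n"
    "Cc: Customers-IN@Example.com\n"
    "Subject: New service\n\nHello\n"
)
GOOD = (
    "From: sales@example.com\n"
    "To: sales@example.com\n"
    "Bcc: customers-za@example.com\n"
    "Subject: New service\n\nHello\n"
)


def visible_list_recipients(raw_message, protected=BCC_ONLY_LISTS):
    """Return (header, alias) pairs for protected lists found in To: or Cc:.

    An alias in either header is copied into every "reply all", which
    then fans out to the whole list through the sender's server.
    """
    msg = message_from_string(raw_message)
    protected = {a.lower() for a in protected}
    found = []
    for header in ("To", "Cc"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            hit = (header, addr.lower())
            if hit[1] in protected and hit not in found:
                found.append(hit)
    return found


def check_outbound(raw_message):
    """Return (allowed, reason) for a message submitted for delivery."""
    hits = visible_list_recipients(raw_message)
    if hits:
        listed = ", ".join(f"{h}: {a}" for h, a in hits)
        return False, f"bulk list exposed to reply-all ({listed}); use Bcc:"
    return True, "ok"
```

The check reads only the To: and Cc: headers, so it gives the same answer whether the submitting client leaves the Bcc: header in place or moves those recipients to the envelope.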



