<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>FYI, in case anyone wants to know:</p>
<p>vade retro is latin for "step back, Satan". it's a phrase used in
exorcisms.</p>
<p>The company below appears to be an automated system to
unsubscribe from everything it receives. We're seeing that now
because I was now able to reconfigure the system to figure this
out.</p>
<p>Here's what seems to be happening:</p>
<p>Someone on our list signed up for this service, and now every
list post turns into an unsubscribe request.</p>
<p>I'll get a copy of the mailing list and try to debug this over
the next few days. I think I now know how to figure out which
address is causing the problem.</p>
<p>When/if I find out more, I'll post.<br>
</p>
<p>Joe<br>
<br>
</p>
<br>
<div class="moz-cite-prefix">On 8/23/2016 10:10 PM, Joe Touch wrote:<br>
</div>
<blockquote cite="mid:bb0cf5dc-ec81-57c1-bf25-b1484523b965@isi.edu"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>FYI:<br>
</p>
<br>
<div class="moz-cite-prefix">On 8/23/2016 10:03 PM, Miles Fidelman
wrote:<br>
</div>
<blockquote
cite="mid:a8f9aec2-656b-775b-1b8a-3e1068c92453@meetinghouse.net"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>Come to think of it, perhaps you might check the subscriber
list for anything that looks like:</p>
<p>smtp01.vaderetro-safeunsubscribe.com [92.103.69.35]</p>
</blockquote>
<br>
I already checked and there is no such member (nobody with even a
portion of that name).<br>
<br>
<blockquote
cite="mid:a8f9aec2-656b-775b-1b8a-3e1068c92453@meetinghouse.net"
type="cite">
<p>and remove it!</p>
<p>Now, if some subscriber is automatically vectoring messages
through some kind of unsubscription service, finding that
subscriber might be just a tad harder.</p>
<p>Unfortunately, there is no web site at
vaderetro-safeunsubscribe.com (well, it comes back as 403
Forbidden)<br>
</p>
</blockquote>
<br>
Try this:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://www.vade-retro.com/en/technology/safe_unsubscribe.asp">https://www.vade-retro.com/en/technology/safe_unsubscribe.asp</a><br>
<br>
If we have evidence from at least one other subscriber that this
organization is responsible, I will contact them to see what's up.<br>
<br>
(can anyone else who is receiving these messages send the entire
message, headers intact please?)<br>
<br>
Thanks,<br>
<br>
Joe<br>
<br>
<blockquote
cite="mid:a8f9aec2-656b-775b-1b8a-3e1068c92453@meetinghouse.net"
type="cite">
<p> </p>
<p>The whois shows this as owned by some French company that
offers yet another email security program - one that obviously
makes things worse for the world. Perhaps you might drop them
an email - see if anyone responds. Seems like their system is
attacking the list.<br>
</p>
<p>Domain Name: vaderetro-safeunsubscribe.com<br>
Registry Domain ID: 1686009255_DOMAIN_COM-VRSN<br>
Registrar WHOIS Server: whois.ovh.com<br>
Registrar URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext" href="http://www.ovh.com">http://www.ovh.com</a><br>
Updated Date: 2015-10-28T09:45:30.0Z<br>
Creation Date: 2011-11-07T13:57:12.0Z<br>
Registrar Registration Expiration Date: 2016-11-07T13:57:12.0Z<br>
Registrar: OVH, SAS<br>
Registrar IANA ID: 433<br>
Registrar Abuse Contact Email: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:abuse@ovh.net">abuse@ovh.net</a><br>
Registrar Abuse Contact Phone: +33.972101007<br>
Domain Status: clientTransferProhibited <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://icann.org/epp#clientTransferProhibited">https://icann.org/epp#clientTransferProhibited</a><br>
Domain Status: clientDeleteProhibited <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://icann.org/epp#clientDeleteProhibited">https://icann.org/epp#clientDeleteProhibited</a><br>
Registry Registrant ID:<br>
Registrant Name: Vade Retro Technology<br>
Registrant Organization: Vade Retro Technology<br>
Registrant Street: avenue antoine pinay<br>
Registrant City: hem<br>
Registrant State/Province:<br>
Registrant Postal Code: 59510<br>
Registrant Country: FR<br>
Registrant Phone: +33.328328328<br>
Registrant Phone Ext:<br>
Registrant Fax: +33.328328329<br>
Registrant Fax Ext:<br>
Registrant Email: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:uku0shwwfp3xze6a91lu@l.o-w-o.info">uku0shwwfp3xze6a91lu@l.o-w-o.info</a><br>
Registry Admin ID:<br>
Admin Name: Vade Retro Technology<br>
Admin Organization: Vade Retro Technology<br>
Admin Street: 3 avenue antoine pinay<br>
Admin City: hem<br>
Admin State/Province:<br>
Admin Postal Code: 59510<br>
Admin Country: FR<br>
Admin Phone: +33.328328888<br>
Admin Phone Ext:<br>
Admin Fax: +33.328328329<br>
Admin Fax Ext:<br>
Admin Email: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:sl6mw8yiwfnf3i13lzte@f.o-w-o.info">sl6mw8yiwfnf3i13lzte@f.o-w-o.info</a><br>
Registry Tech ID:<br>
Tech Name: Vade Retro Technology<br>
Tech Organization: Vade Retro Technology<br>
Tech Street: 3 avenue antoine pinay<br>
Tech City: hem<br>
Tech State/Province:<br>
Tech Postal Code: 59510<br>
Tech Country: FR<br>
Tech Phone: +33.328328888<br>
Tech Phone Ext:<br>
Tech Fax: +33.328328329<br>
Tech Fax Ext:<br>
Tech Email: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:sl6mw8yiwfnf3i13lzte@f.o-w-o.info">sl6mw8yiwfnf3i13lzte@f.o-w-o.info</a><br>
Name Server: dns1.goto.fr<br>
Name Server: dns2.goto.fr<br>
DNSSEC: unsigned<br>
<br>
</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 8/24/16 12:49 AM, Miles Fidelman
wrote:<br>
</div>
<blockquote
cite="mid:51946961-f354-697a-a833-564b74d63f75@meetinghouse.net"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>Well, just got another one, timestamped 9:12</p>
<p>And where the earlier ones asked me to confirm my
unsubscribe request, this one says that it's forwarded it to
the admin.</p>
<p>And no, I did not send the original request - the From:
line must be forged. But... looking at the headers, it
looks like it REALLY came from:</p>
<p>from [unsubscribe] (unknown [10.10.31.123]) by
smtp01.vaderetro-safeunsubscribe.com (Postfix) with SMTP id
ED4591BF7CB for <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:internet-history-request@postel.org"><internet-history-request@postel.org></a>;
Wed, 24 Aug 2016 03:11:49 +0200 (CEST)<br>
</p>
<p>So who the hell is vaderetro-safeunsubscribe.com, and why
is it trying to unsubscribe people from internet-history?</p>
<p>Miles Fidelman<br>
</p>
<p><br>
</p>
<p> </p>
<blockquote type="cite">
<div class="moz-text-plain" wrap="true"
graphical-quote="true" style="font-family: -moz-fixed;
font-size: 12px;" lang="x-western">
<pre wrap="">The results of your email command are provided below. Attached is your
original message.
- Results:
Your unsubscription request has been forwarded to the list administrator for
approval.
- Done.
</pre>
</div>
<br>
<fieldset class="mimeAttachmentHeader"><legend
class="mimeAttachmentHeaderName">ForwardedMessage.eml</legend></fieldset>
<table class="header-part1" border="0" cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname"
style="display:inline;">Subject: </div>
unsubscribe</td>
</tr>
<tr>
<td>
<div class="headerdisplayname"
style="display:inline;">From: </div>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:mfidelman@meetinghouse.net">mfidelman@meetinghouse.net</a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname"
style="display:inline;">Date: </div>
8/23/16, 9:11 PM</td>
</tr>
</tbody>
</table>
<table class="header-part2" border="0" cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname"
style="display:inline;">To: </div>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:internet-history-request@postel.org">internet-history-request@postel.org</a></td>
</tr>
</tbody>
</table>
</blockquote>
<br>
<br>
<div class="moz-cite-prefix">On 8/23/16 8:43 PM, Joe Touch
wrote:<br>
</div>
<blockquote
cite="mid:93d26d00-1557-e1f2-ee3d-0a3c9dbd1c23@isi.edu"
type="cite">
<pre wrap="">Hi, all,
On 8/23/2016 4:15 PM, Miles Fidelman wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 8/23/16 6:35 PM, Alan Clegg wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 8/23/16 6:13 PM, John R. Levine wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">I get them as well. I've seen them on other lists too.
</pre>
</blockquote>
<pre wrap="">The usual approach is to send mail to parts of the list with tagged
addresses to see which ones trigger the unsub-bot, and narrow it down to
the guilty party.
</pre>
</blockquote>
</blockquote>
<pre wrap="">Or to just save incoming messages to -request, so one can look at the
headers.
</pre>
</blockquote>
<pre wrap="">The header indicates it's coming from the mailman system. I.e., these
aren't forged; they're unsub requests.
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">If only there were programmers around to make this happen....
</pre>
</blockquote>
<pre wrap="">Not even - just a sysadmin who can update the alias for -request, to add
an actual mailbox.
Who's listmaster for ih anyway?
</pre>
</blockquote>
<pre wrap="">I am.
I did some digging on this issue and the suggestion is to disable user
unsubscribe completely (i.e., requires admin OK). Since I don't track
those mails, it may be more difficult to get off the list now, but at
least the stream of unsubs should calm down.
Please let me know if you see further unsub requests.
Joe
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra</pre>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>