[ih] No, really, I want to stay subscribed

Tue Aug 23 22:10:49 PDT 2016

FYI:

On 8/23/2016 10:03 PM, Miles Fidelman wrote:
>
> Come to think of it, perhaps you might check the subscriber list for
> anything that looks like:
>
> smtp01.vaderetro-safeunsubscribe.com [92.103.69.35]
>

I already checked and there is no such member (nobody with even a
portion of that name).

> and remove it!
>
> Now, if some subscriber is automatically vectoring messages through
> some kind of unsubscription service, finding that subscriber might be
> just a tad harder.
>
> Unfortunately, there is no web site at vaderetro-safeunsubscribe.com
> (well, it comes back as 403 Forbidden)
>

Try this:
https://www.vade-retro.com/en/technology/safe_unsubscribe.asp

If we have evidence from at  least one other subscriber that this
organization is responsible, I will contact them to see what's up.

(can anyone else who is receiving these messages send the entire
message, headers intact please?)

Thanks,

Joe

> The whois shows this as owned by some French company that offers yet
> another email security program - one that obviously makes things worse
> for the world.  Perhaps you might drop them an email - see if anyone
> responds.  Seems like their system is attacking the list.
>
> Domain Name: vaderetro-safeunsubscribe.com
> Registry Domain ID: 1686009255_DOMAIN_COM-VRSN
> Registrar WHOIS Server: whois.ovh.com
> Registrar URL: http://www.ovh.com
> Updated Date: 2015-10-28T09:45:30.0Z
> Creation Date: 2011-11-07T13:57:12.0Z
> Registrar Registration Expiration Date: 2016-11-07T13:57:12.0Z
> Registrar: OVH, SAS
> Registrar IANA ID: 433
> Registrar Abuse Contact Email: abuse at ovh.net
> Registrar Abuse Contact Phone: +33.972101007
> Domain Status: clientTransferProhibited
> https://icann.org/epp#clientTransferProhibited
> Domain Status: clientDeleteProhibited
> https://icann.org/epp#clientDeleteProhibited
> Registry Registrant ID:
> Registrant Name: Vade Retro Technology
> Registrant Organization: Vade Retro Technology
> Registrant Street: avenue antoine pinay
> Registrant City: hem
> Registrant State/Province:
> Registrant Postal Code: 59510
> Registrant Country:  FR
> Registrant Phone: +33.328328328
> Registrant Phone Ext:
> Registrant Fax: +33.328328329
> Registrant Fax Ext:
> Registrant Email: uku0shwwfp3xze6a91lu at l.o-w-o.info
> Registry Admin ID:
> Admin Name: Vade Retro Technology
> Admin Organization: Vade Retro Technology
> Admin Street: 3 avenue antoine pinay
> Admin City: hem
> Admin State/Province:
> Admin Postal Code: 59510
> Admin Country:  FR
> Admin Phone: +33.328328888
> Admin Phone Ext:
> Admin Fax: +33.328328329
> Admin Fax Ext:
> Admin Email: sl6mw8yiwfnf3i13lzte at f.o-w-o.info
> Registry Tech ID:
> Tech Name: Vade Retro Technology
> Tech Organization: Vade Retro Technology
> Tech Street: 3 avenue antoine pinay
> Tech City: hem
> Tech State/Province:
> Tech Postal Code: 59510
> Tech Country:  FR
> Tech Phone: +33.328328888
> Tech Phone Ext:
> Tech Fax: +33.328328329
> Tech Fax Ext:
> Tech Email: sl6mw8yiwfnf3i13lzte at f.o-w-o.info
> Name Server: dns1.goto.fr
> Name Server: dns2.goto.fr
> DNSSEC: unsigned
>
>
>
> On 8/24/16 12:49 AM, Miles Fidelman wrote:
>>
>> Well, just got another one, timestamped 9:12
>>
>> And where the earlier ones asked me to confirm my unsubscribe
>> request, this one says that it's forwarded it to the admin.
>>
>> And no, I did not send the original request - the From: line must be
>> forged.  But... looking at the headers, it looks like it REALLY came
>> from:
>>
>> from [unsubscribe] (unknown [10.10.31.123]) by
>> smtp01.vaderetro-safeunsubscribe.com (Postfix) with SMTP id
>> ED4591BF7CB for <internet-history-request at postel.org>; Wed, 24 Aug
>> 2016 03:11:49 +0200 (CEST)
>>
>> So who the hell is vaderetro-safeunsubscribe.com, and why is it
>> trying to unsubscribe people from internet-history?
>>
>> Miles Fidelman
>>
>>
>>> The results of your email command are provided below. Attached is your
>>> original message.
>>>
>>> - Results:
>>>     Your unsubscription request has been forwarded to the list administrator for
>>> approval.
>>>
>>> - Done.
>>>
>>>
>>> ForwardedMessage.eml
>>>
>>> Subject:
>>> unsubscribe
>>> From:
>>> mfidelman at meetinghouse.net
>>> Date:
>>> 8/23/16, 9:11 PM
>>>
>>> To:
>>> internet-history-request at postel.org
>>>
>>
>>
>> On 8/23/16 8:43 PM, Joe Touch wrote:
>>> Hi, all,
>>>
>>>
>>> On 8/23/2016 4:15 PM, Miles Fidelman wrote:
>>>> On 8/23/16 6:35 PM, Alan Clegg wrote:
>>>>
>>>>> On 8/23/16 6:13 PM, John R. Levine wrote:
>>>>>>> I get them as well. I've seen them on other lists too.
>>>>>> The usual approach is to send mail to parts of the list with tagged
>>>>>> addresses to see which ones trigger the unsub-bot, and narrow it down to
>>>>>> the guilty party.
>>>> Or to just save incoming messages to  -request, so one can look at the 
>>>> headers.
>>> The header indicates it's coming from the mailman system. I.e., these
>>> aren't forged; they're unsub requests.
>>>
>>>>> If only there were programmers around to make this happen....
>>>>>
>>>> Not even - just a sysadmin who can update the alias for -request, to add 
>>>> an actual mailbox.
>>>>
>>>> Who's listmaster for ih anyway?
>>> I am.
>>>
>>> I did some digging on this issue and the suggestion is to disable user
>>> unsubscribe completely (i.e., requires admin OK). Since I don't track
>>> those mails, it may be more difficult to get off the list now, but at
>>> least the stream of unsubs should calm down.
>>>
>>> Please let me know if you see further unsub requests.
>>>
>>> Joe
>>
>> -- 
>> In theory, there is no difference between theory and practice.
>> In practice, there is.  .... Yogi Berra
>
> -- 
> In theory, there is no difference between theory and practice.
> In practice, there is.  .... Yogi Berra

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://elists.isoc.org/pipermail/internet-history/attachments/20160823/1a0a1b01/attachment.htm>