[ih] No, really, I want to stay subscribed

Joe Touch touch at isi.edu
Tue Aug 23 22:32:50 PDT 2016


FYI, in case anyone wants to know:

Vade retro is Latin for "step back, Satan". It's a phrase used in exorcisms.

The company below appears to be an automated system to unsubscribe from
everything it receives. We're seeing that now because I was now able to
reconfigure the system to figure this out.

Here's what seems to be happening:

Someone on our list signed up for this service, and now every list post
turns into an unsubscribe request.

I'll get a copy of the mailing list and try to debug this over the next
few days. I think I now know how to figure out which address is causing
the problem.

When/if I find out more, I'll post.

Joe


On 8/23/2016 10:10 PM, Joe Touch wrote:
>
> FYI:
>
>
> On 8/23/2016 10:03 PM, Miles Fidelman wrote:
>>
>> Come to think of it, perhaps you might check the subscriber list for
>> anything that looks like:
>>
>> smtp01.vaderetro-safeunsubscribe.com [92.103.69.35]
>>
>
> I already checked and there is no such member (nobody with even a
> portion of that name).
>
>> and remove it!
>>
>> Now, if some subscriber is automatically vectoring messages through
>> some kind of unsubscription service, finding that subscriber might be
>> just a tad harder.
>>
>> Unfortunately, there is no web site at vaderetro-safeunsubscribe.com
>> (well, it comes back as 403 Forbidden)
>>
>
> Try this:
> https://www.vade-retro.com/en/technology/safe_unsubscribe.asp
>
> If we have evidence from at least one other subscriber that this
> organization is responsible, I will contact them to see what's up.
>
> (can anyone else who is receiving these messages send the entire
> message, headers intact please?)
>
> Thanks,
>
> Joe
>
>> The whois shows this as owned by some French company that offers yet
>> another email security program - one that obviously makes things
>> worse for the world.  Perhaps you might drop them an email - see if
>> anyone responds.  Seems like their system is attacking the list.
>>
>> Domain Name: vaderetro-safeunsubscribe.com
>> Registry Domain ID: 1686009255_DOMAIN_COM-VRSN
>> Registrar WHOIS Server: whois.ovh.com
>> Registrar URL: http://www.ovh.com
>> Updated Date: 2015-10-28T09:45:30.0Z
>> Creation Date: 2011-11-07T13:57:12.0Z
>> Registrar Registration Expiration Date: 2016-11-07T13:57:12.0Z
>> Registrar: OVH, SAS
>> Registrar IANA ID: 433
>> Registrar Abuse Contact Email: abuse at ovh.net
>> Registrar Abuse Contact Phone: +33.972101007
>> Domain Status: clientTransferProhibited
>> https://icann.org/epp#clientTransferProhibited
>> Domain Status: clientDeleteProhibited
>> https://icann.org/epp#clientDeleteProhibited
>> Registry Registrant ID:
>> Registrant Name: Vade Retro Technology
>> Registrant Organization: Vade Retro Technology
>> Registrant Street: avenue antoine pinay
>> Registrant City: hem
>> Registrant State/Province:
>> Registrant Postal Code: 59510
>> Registrant Country:  FR
>> Registrant Phone: +33.328328328
>> Registrant Phone Ext:
>> Registrant Fax: +33.328328329
>> Registrant Fax Ext:
>> Registrant Email: uku0shwwfp3xze6a91lu at l.o-w-o.info
>> Registry Admin ID:
>> Admin Name: Vade Retro Technology
>> Admin Organization: Vade Retro Technology
>> Admin Street: 3 avenue antoine pinay
>> Admin City: hem
>> Admin State/Province:
>> Admin Postal Code: 59510
>> Admin Country:  FR
>> Admin Phone: +33.328328888
>> Admin Phone Ext:
>> Admin Fax: +33.328328329
>> Admin Fax Ext:
>> Admin Email: sl6mw8yiwfnf3i13lzte at f.o-w-o.info
>> Registry Tech ID:
>> Tech Name: Vade Retro Technology
>> Tech Organization: Vade Retro Technology
>> Tech Street: 3 avenue antoine pinay
>> Tech City: hem
>> Tech State/Province:
>> Tech Postal Code: 59510
>> Tech Country:  FR
>> Tech Phone: +33.328328888
>> Tech Phone Ext:
>> Tech Fax: +33.328328329
>> Tech Fax Ext:
>> Tech Email: sl6mw8yiwfnf3i13lzte at f.o-w-o.info
>> Name Server: dns1.goto.fr
>> Name Server: dns2.goto.fr
>> DNSSEC: unsigned
>>
>>
>>
>> On 8/24/16 12:49 AM, Miles Fidelman wrote:
>>>
>>> Well, just got another one, timestamped 9:12
>>>
>>> And where the earlier ones asked me to confirm my unsubscribe
>>> request, this one says that it's forwarded it to the admin.
>>>
>>> And no, I did not send the original request - the From: line must be
>>> forged.  But... looking at the headers, it looks like it REALLY came
>>> from:
>>>
>>> from [unsubscribe] (unknown [10.10.31.123]) by
>>> smtp01.vaderetro-safeunsubscribe.com (Postfix) with SMTP id
>>> ED4591BF7CB for <internet-history-request at postel.org>; Wed, 24 Aug
>>> 2016 03:11:49 +0200 (CEST)
>>>
>>> So who the hell is vaderetro-safeunsubscribe.com, and why is it
>>> trying to unsubscribe people from internet-history?
>>>
>>> Miles Fidelman
>>>
>>>
>>>> The results of your email command are provided below. Attached is your
>>>> original message.
>>>>
>>>> - Results:
>>>>     Your unsubscription request has been forwarded to the list administrator for
>>>> approval.
>>>>
>>>> - Done.
>>>>
>>>>
>>>> ForwardedMessage.eml
>>>>
>>>> Subject:
>>>> unsubscribe
>>>> From:
>>>> mfidelman at meetinghouse.net
>>>> Date:
>>>> 8/23/16, 9:11 PM
>>>>
>>>> To:
>>>> internet-history-request at postel.org
>>>>
>>>
>>>
>>> On 8/23/16 8:43 PM, Joe Touch wrote:
>>>> Hi, all,
>>>>
>>>>
>>>> On 8/23/2016 4:15 PM, Miles Fidelman wrote:
>>>>> On 8/23/16 6:35 PM, Alan Clegg wrote:
>>>>>
>>>>>> On 8/23/16 6:13 PM, John R. Levine wrote:
>>>>>>>> I get them as well. I've seen them on other lists too.
>>>>>>> The usual approach is to send mail to parts of the list with tagged
>>>>>>> addresses to see which ones trigger the unsub-bot, and narrow it down to
>>>>>>> the guilty party.
>>>>> Or to just save incoming messages to -request, so one can look at the
>>>>> headers.
>>>> The header indicates it's coming from the mailman system. I.e., these
>>>> aren't forged; they're unsub requests.
>>>>
>>>>>> If only there were programmers around to make this happen....
>>>>>>
>>>>> Not even - just a sysadmin who can update the alias for -request, to add
>>>>> an actual mailbox.
>>>>>
>>>>> Who's listmaster for ih anyway?
>>>> I am.
>>>>
>>>> I did some digging on this issue and the suggestion is to disable user
>>>> unsubscribe completely (i.e., requires admin OK). Since I don't track
>>>> those mails, it may be more difficult to get off the list now, but at
>>>> least the stream of unsubs should calm down.
>>>>
>>>> Please let me know if you see further unsub requests.
>>>>
>>>> Joe
>>>
>>> -- 
>>> In theory, there is no difference between theory and practice.
>>> In practice, there is.  .... Yogi Berra
>>
>> -- 
>> In theory, there is no difference between theory and practice.
>> In practice, there is.  .... Yogi Berra
>
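
The tagged-address approach suggested in the thread, combined with reading the Received headers of a saved -request message, as an added example that is not part of the original posts or of the list software. The secret, the `example-list-request` alias, the `+tag` address form, all hosts and the sample message are constructed assumptions.

```python
import hashlib
import hmac
import re
from email import message_from_string
from email.utils import getaddresses

SECRET = b"constructed-demo-key"       # assumption: per-list secret
LIST_LOCAL = "example-list-request"    # assumption: placeholder -request alias
LIST_DOMAIN = "lists.example.org"      # assumption: placeholder list host

def tag_for(subscriber):
    """Short keyed tag, so one subscriber cannot guess another's tag."""
    mac = hmac.new(SECRET, subscriber.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:12]

def tagged_request_address(subscriber):
    """Unsubscribe address to place only in this subscriber's copy of a post."""
    return f"{LIST_LOCAL}+{tag_for(subscriber)}@{LIST_DOMAIN}"

def identify_trigger(raw_message, subscribers):
    """Return (subscriber whose copy triggered the request, foreign relays)."""
    msg = message_from_string(raw_message)
    index = {tag_for(s): s for s in subscribers}
    culprit = None
    # The From: line is ignored on purpose: only the tag is trusted.
    for _, addr in getaddresses(msg.get_all("To", [])):
        base, plus, tag = addr.partition("@")[0].partition("+")
        if plus and base == LIST_LOCAL and tag in index:
            culprit = index[tag]
    relays = []
    for received in msg.get_all("Received", []):
        m = re.search(r"\bby\s+([A-Za-z0-9.-]+)", received)
        if m and not m.group(1).endswith(LIST_DOMAIN):
            relays.append(m.group(1))
    return culprit, relays

SUBSCRIBERS = ["alice@example.com", "bob@example.org", "carol@example.net"]

# Constructed sample: an automated unsubscribe with a misleading From: line.
SAMPLE = (
    "Received: from relay.unsub-bot.example (unknown [192.0.2.10])"
    " by mx.lists.example.org (Postfix); Wed, 24 Aug 2016 03:11:50 +0200\n"
    "Received: from [unsubscribe] (unknown [10.0.0.1]) by\n"
    " relay.unsub-bot.example (Postfix) with SMTP id CONSTRUCTED1\n"
    "From: alice@example.com\n"
    f"To: {tagged_request_address('carol@example.net')}\n"
    "Subject: unsubscribe\n\nunsubscribe\n"
)
```

In this sample the From: line names alice, but the tag maps the request to carol's copy, and the only non-list relay in the Received chain is the unsubscribe service's host.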
