Hi,

Andy Smith wrote:
> What you have interpreted as "a threat" was simply a procedural
> warning that if your address continues to be undeliverable then you
> will be automatically unsubscribed.

It is a threat, because debian-user is the only mailing list where i
ever witnessed that a troll exploited the unsubscription habits to
throw out multiple users.
See the threads under
  https://lists.debian.org/debian-user/2021/10/msg00248.html
  https://lists.debian.org/debian-user/2021/10/msg00335.html
  https://lists.debian.org/debian-user/2021/10/msg00337.html

I myself had to challenge the offender to get thrown out too.
  https://lists.debian.org/debian-user/2021/10/msg00434.html
So it was a human or a very smart AI.

It lasted a few days until a remedy was developed. I had to re-subscribe
after each message i posted.

So i want to prepare for possible real problems by first asking how many
mail providers differ slightly from the list server's assessment and
reaction.
As a next step i would ask the list masters to consider ignoring bounces
if the mail has a nearly-spam score on the Debian list. In such a case
it is likely that other servers see a barely-spam score and let it bounce.

(The usual attempts of spam catching are futile at best and really
annoying when not only obvious spam comes through, but also legit mails
are rejected or even unsubscriptions are enforced.
It is easier for me to cope with all unfiltered spam than with
half-working attempts to protect me from falling victim to social
engineering.)


> we can assume it will be rare that GMX and Debian will disagree over
> spam score

I refrain from developing a proof-of-concept how to exploit the current
behavior. But i am quite sure it is possible to do so.


> Personally what I do is silently discard spammy emails from known
> list servers instead of rejecting them at SMTP time (which is
> otherwise and usually desirable). Doing that does require running
> your own mail server though, which almost no one does.

This is hardly feasible for me in these days.
DKIM, SPF, DMARC, ... not a problem for the spammers, but hard for the
innocent, old, and clueless.


Have a nice day :)

Thomas
