Tuesday, 27 May 2008

The Great Mailing List Removal Spam Bomb

Every now and then someone creates a mailing list to announce something and makes three rather fundamental errors: they set it up so that the reply-to address is the whole list, they allow anyone to post to it, and they don't make it as clear and obvious as possible how to unsubscribe.

What really boggles me is that this seems to happen most often in announcements of technical conferences of interest to people who should have an above-average understanding of how email and mailing lists work (though I suppose this could be a factor of the company I keep).

Inevitably, every now and then, when one of these announcements is sent out, someone replies to the entire list asking to be unsubscribed. This triggers a cascade, where others, who would have ignored one unwanted announcement, ask to be unsubscribed too – all such requests going to the entire list (the lesson that they were annoyed apparently having failed to sink in).

The most recent such instance I've encountered was a conference for Field-Programmable Technology (ICFPT 08), about as technical a concept as you can get, and one only hard-core computer scientists and computer systems engineers would be interested in. Unless the original mailing list was misconfigured and included a batch of classics professors who had been inducted to the Internet the day before, it's hard to see how this list could have gone to a significant number of people who would fall into the unsubscribe spam error. But it did.

The result? At least 35 unsubscribe requests to the list, including two (apparently unable to see the irony in their response) which included requests to others not to post to the entire list, and about 15 requests to stop spamming the list.

You have to wonder how this could happen in a technical field. There is of course a fundamental flaw in the way email works which makes it impossible to prevent this sort of thing. There is no limit on how long you can make a recipient list, so there is no way to force mailing lists to be set up according to a specific design that would eliminate this sort of problem.

Of course there are much better solutions out there. A proper mailing list manager can be set up which puts clear and obvious instructions on each message on how to subscribe, and announcement lists should never be set up to allow anyone but a short list of authorized posters to post messages.

What's to be done?

Until we can replace email by something better that would prevent this sort of thing by design, all I can do is point out the idiocy of this sort of behaviour and hope the message gets out. But not repeatedly to the same mailing list. Next time this happens, I'll post a pointer to this article.

No comments: