22 Jul 08 Today's Sympa Problem

ALA Members and Staff,

I’d like to explain what happened to our mailing list server that caused the large temporary backlog of messages. We fell victim not to a focused spam attack, but to the collateral damage of a spammer, so to speak. A spammer pretended to be sending possibly millions of spam messages from one of our lists – by forging the mail they sent to make it look like it was coming from the list’s address. The result was thousands upon thousands of “bounce” messages that were sent from around the world to our Sympa server.

Spammers generally have many thousands of bad email addresses in their sneakily gathered lists, and any email to a bad address generates a bounce. That bounce is sent to the sender’s (or in this case, the faked sender’s) address. The huge number of incoming bounce messages had to be processed by the Sympa server as they arrived, and the volume of additional bounces bogged the server down terribly, causing a backlog to build up. We identified the list that had been impersonated, shut it off (so the server would no longer concern itself with bounces to that list), and began culling the bad messages from the queue.

We are investigating whether there is anything we can do in order to prevent this in the future. It is a problem plaguing many high volume list servers. The difficult part is that the bounces themselves are not spam to be filtered, and filtering all bounce messages would break an important function of email servers.

The Sympa list server is now operating as normal again, and will be caught up with its message backlog within a few hours.

Matthew Ivaliotes
Information Technology & Telecommunication Services
American Library Association
(312) 280-4266