The loss of innocence


Oh the inhumanity (and yes, harvesting by infected machines of those monster "To:" and "CC:" e-mail lists is alive and well).

Reported in the local (West Australian) newspaper by "Inside Cover", August 18, that the Department of the Attorney-General inadvertently e-mailed more than 1800 of the State's Justices of the Peace with all their addresses showing. Then it began. One appalled Justice noted 500 "undelivered mail" notices. Others apparently received similar. One replied to "all", begging for respite (wrong move, on so many levels). Another begged the Department to "remove my e-mail from your lists." (too late, but how do you educate such innocents if they have so far resisted learning anything about basic internet security issues).

Several issues.

First and foremost being that one, probably many more, of those 1800 JsP has a trojanned computer and what a potential bonanza that situation might present to the ungodly.

Second the A-G's response is so far reported as "Oops, sorry, but it wasn't us who gave the list to unknown external party, our security is fine," (OWTTE) when there is such a clear need to manage the situation they have stumbled across - no-one else is going to and those compromised machines do, in fact, remain a breach in their security whenever they send anything more to them, it may not be just addresses that are being relayed "elsewhere".

Third, to those victims "hoping this is the last of it," sorry old sons and daughters, it is only the beginning - as old hands know, not even death will remove you from a spammer's list.

Fourth, although the date of the A-G's e-mail is not given, it seems it was quite recent and it is remarkable how quickly some of the list have ended up spoofed as "From:" and/or "Reply-to:" addressees - perhaps the way (some) spammers "walk-through" their lists for originating addresses to forge isn't quite as random as may have been thought, maybe they concentrate on new and presumably valid ones for preference. In which case there is some hope of it ending "sometime" after all, notwithstanding the previous - but that was never my experience.

Fifth there remain all too many clueless ISPs out there who drop connection before they decide mail for their domains is undeliverable, then send misdirected bounces back to the innocent (forged) originating or reply-to address. The RFC which didn't specifically say that is wrong has been replaced long ago by one which does. Are eastern Europeans still mostly to blame for this, I wonder?

Ah, what a pity JsP don't get to actually try spammers. In this part of the world at least that might indeed test the notion of "judicial innocence", which is to say the exclusion of matters not in evidence.

For younger US readers wondering what on earth a "Justice of the Peace" might be, here is the Wikipedia link - http://en.wikipedia.org/wiki/Justice_of_the_peace. Some US states still have them and the Supreme Court has ruled they're not unconstitutional.


This topic is now archived and is closed to further replies.
