School mail WTF - one email to rule them all



  • I'm currently under great shock.



    Yesterday night, I received a mail from an unknown person, quite simple in all: the subject was "Test?", and the body was "Test! =D". I didn't quite get it, since I didn't know the person.

    Later that night, I received another email from Volkswagen, telling me some stranger named "Alex" decided to share with me his custom configuration of a GTI 2008. It was late at night; I just moved the mail to the trash.



    I just looked at it again, and I think I'll murder the IT people at the school.

    There's an address, like "everystudent@school.org". When it receives a message, it sends it to ALL addresses of EVERY student in the school. And it occurs this address was leaked.

    That stupid IT woman put the address in the Address field instead of the CCI field when she mailed the whole student body about some electricity problem.



    Somebody has to die for this. Blood will be shed. Most definitely.



  • Sounds like a mailing list that should have been properly configured so only a few admin users could send to it. 



  • @Felix C. said:


    There's an address, like "everystudent@school.org". When it receives a message, it sends it to ALL addresses of EVERY student in the school. And it occurs this address was leaked.
    Someone used a similar "everyone address" some years ago at, let's say, WTF High School. He took over his ex-girlfriend's account, then sent an email stating her name, phone number, address and that she "sucks on first date, screws on 3rd" and attached her X-rated photos.

    Kind of reminded me of that "Priceless" video.

    At least IT learned their lesson, and started restricting the "alumnos@wtfschool.mx" account after that. Oh, that girl was about to graduate HS, but she just ... left. The jackass was obviously caught, and expelled (he was also about to graduate.)



  •  What was that address again?



  • @danixdefcon5 said:

    He took over his ex-girlfriend's account, then sent an email stating her name, phone number, address and that she "sucks on first date, screws on 3rd" and attached her X-rated photos.

    Wow, sounds like JimBastard quality there.

     

    @danixdefcon5 said:

    Kind of reminded me of that "Priceless" video.

    Oh...



  • Sounds about like something my university's IT division would have pulled.  I worked for them my freshman year, so I got a firsthand look at their approach to certain things.

    On a somewhat-related note: my German 101 prof seemed to think it was a great idea to e-mail homework assignments to us, instead of just giving us the assignment in class.  I think "e-mail" may have been Alsatian German for "I can't be bothered to actually prepare for lecture!"   Class was Monday, Wednesday, and Friday mornings, so ostensibly we should have gotten the day's assignment by that afternoon and had plenty of time to do it.

    Well, this system might have worked, except that our professor didn't like to use her university account, because it was apparently full of spam.  So instead, she used her AOL account (which was somehow less spam-laden?).  And at the time, they were still having major delays in sending mail to outside domains.  The end result was that she'd send out an assignment on, say, Monday evening, it would be due Wednesday, and we'd get it at 1:00 AM Tuesday night/Wednesday morning.



  • OK, it's not that big a deal, but still :-)

    A few weeks ago, during the summer break, somebody sent yet-another info mail out on the university mailing list (for all of CS). I don't blame them for the following, because nobody could have seen it coming: somebody was on vacation. *gasp*. The automated vacation response was replied back to the mailing list "from" e-mail, which also happens to be the broadcast e-mail. After a few iterations, it looked something like this:

     I am currently on vacation. Reach me on my mobile: 123-456-789.

    > I am currently on vacation. Reach me on my mobile: 123-456-789. 

    >> I am currently on vacation. Reach me on my mobile: 123-456-789. 

    >>> I am currently on vacation. Reach me on my mobile: 123-456-789. 

    >>>> I am currently on vacation. Reach me on my mobile: 123-456-789. 

    ...

    >>>>>>>>>>>>>>>> Blah blah blah meeting saturday (or whatever).

    Then it somehow stopped. Until somebody replied:

    Why am I receiving this e-mail? That meeting has already been held!

    which was forwared to the entire mailing list..



  •  Just set up a filter that blocks all mail sent to "everystudent@school.org".  You said that the regular school emails don't put the address in the regular To: field.



  •  I never observed any malicious email exploder spam at college.  However, it seemed to be a practice of lazy (and/or stupid) graduate-level TAs (and/or teachers) in the Engineering departments to send emails to the effect of:

     To: all@college.edu

    Subject: Obscure Engineering 784

    No class on Tuesday.

    Signed,

    Stupid/lazy TA/teacher

    ...

    Thank you, I'll make sure to not show up for the class I'm clearly not enrolled in (each class has it's own mailing list whether or not the teacher uses it or not, no setup required; I'd assume this is pretty standard practice by now).  Undoubtedly these classes were smaller than the population of my double bedroom apartment.  Maybe they just wanted to feel popular and/or loved.



  • @MiffTheFox said:

     Just set up a filter that blocks all mail sent to "everystudent@school.org".  You said that the regular school emails don't put the address in the regular To: field.

    This is a problem when the Resources department sends out that "oops we deleted everyone's personal data and we need it back" or "omg all our basez are took" type emails.  On a weekly basis.

     

    In my case there was actually a lot of "useful" spam coming across the AllThingsEngineering@uni.net exploder (jobs, free pizza annoucements).



  • Just set up a script that forwards all mail sent to "everystudent@school.org" back to the same address.

     FTFY.  >:-D

     "Ohhhh, there must have been a bug in my anti-spam script, sorry!"



  • Exact same thing happened to me last year, except the message was asking how to use the all-students account. And was sent to the all-students account. Amazingly enough, nobody abused it; probably because nobody ever checks their school email anyway.



  • @lolwtf said:

    because nobody ever checks their school email anyway

    Reminds me of my school, any email account would get 150+ messages a day on a very slow spam day. No spam filtering, no way to sort through it, you were supposed to be able to forward everything to another account, though they disabled that, making my attempt a getting a decent client impossible (for example one that I could use to gut out the mass mailings). One of our teachers didn't quite understand why no-one read the school mail accounts. AFAIK we didn't have any mailing lists, which wouldn't have changed the experience much.



  •  While it didn't happen at a school, I was witness a few months ago to the mother of all mailing list wtfs.

     

    A good friend of mine was working for "Da Man" and asked me to set up a private list for his working group, mistake 1. I was even a nice guy and wrote out step by step instructions, mistake 2. Since this group consisted of people from all over the world, he natually thought of it as a Global group to which I replied "Kinda, but not really," mistake 3.

     

     So I get the list set up, clear it with IT so they can do the magic finger waving and whatever sacrificial offerings need done and call it a day, mistake 4.

     

    The next morning my phone rings, bad feeling, caller ID, REALLY bad feeling, I answer, mistake 5.

     

    The Director of IT for a TLA proceeds to tell me that he isn't really interested in my friends meeting, and that even if he was there was no way he could fly from the East coast to asia in time. My eyes cross, my brow furrows and I'm thinking WTF.

     

    Turns out my friend had put me in the CC line AND saw fit to list me as the POC and the end of the email. Ok, I can handle that, not happy about it but I can handle it. The true WTF came after talking to my friend later that day.

     

     He had been fixated on the Global aspect, and someone in some dark corner basement cubicle had seen fit to provide a premaid "Global" mailing list

    in Outlook. I think you can guess what happened. At some point in the wee hours of the morning the country wide exchange server died.  According the the local IT guys, it had processed roughly 3.5 million addresses before the machine sacrificed itself to the Blue Smoke Gods.

     

    ITs only reply was "I guess we should take that list out."


  • :belt_onion:

    I survived bedlam DL3



  • @shepd said:

    Just set up a script that forwards all mail sent to "everystudent@school.org" back to the same address.

    From: everystudent@school.org
    To: everystudent@school.org
    Subject: Dead mail servers

    Holy handgrenade, Batman!
    .


  • @bjolling said:

    I survived bedlam DL3
    Me too!



  • There was a similar such open mailing list for my university's CS department a while back.

    This address somehow leaked out (probably an e-mail posted to the web or something), and spammers managed to pick it up.

    And no, the university did not have anything like SpamAssassin configured at the time.



  •  We had a good one where someone unsubscribed the campus mailing list from the general mailing group. Everyone started gettings emails telling them they had been unsubscribed. People started replying, via Reply To All, that they didn't want to be unsubscribed. 800 emails in 2 days. Very good fun.

     

    And, at the end, no-one got unsubscribed.



  •  At my university we have a related problem. Each of the student societies has two of its own mailing lists - one that includes the whole society, and another for the exec members. Rather unhelpfully, these differ only in that the one for the whole society has the prefix ds- . Neither is usually restricted, so we constantly get people unwittingly sending out messages to the whole group, when only a handful of people were meant to receive them.


Log in to reply