A misfired attempt by one subscriber to change the email address he used for receiving messages caused a storm in the a US Department of Homeland Security's mailing list today. Instead of sending a message to the list administrators, job-changing security consultant Alex hit the reply-to-all button. His message was sent to …
That's a real beginner's mistake...
That's the sort of mistake made by someone who knows very little indeed about mailing list technology.
If they have a bunch of n00bs running their IT, it's just as well that none of their other work involves critical IT systems or large databases of sensitive data.
Bloody stupid bureaucrats!
"Another subscriber wisely noted that the whole mess could have been avoided. If only the email mailout system had not been set up to automatically forward replies."
This is the Department of Homeland Security - couldn't they find even *one* system administrator willing to run a moderated mailing list for them?
If only the Nazis had been equally unable to find people willing to work for them... But then, without the Nazis as an example, perhaps people today wouldn't know how dangerous DHS is.
Quite common occurence
The way these are set up is that an alias has a lot of names on it. It is just that, an alias. This doesn't go to a redistribution point like a proper mailing list, it just gets sent out automatically. Very probably they were using Exchange, and group aliases are the rule of operation. I don't even know if Exchange offers the option of a moderated mail list. I've seen a couple of huge email storms like this, and one of them took down the Exchange message server.
Here's an approximation of the first one:
"Who owns this distribution list? I'd like to get off of it."
"I'd like to know who owns it, too."
(and so on, and collectible t-shirts were made to commemorate the event.)
The other time was that someone sent an email to the wrong alias, which generated an amazing number of less-than-professional replies from supposed professionals.
Reminds me of...
'against man's stupidity, the gods themselves contend in vain'
Wish I knew where it came from!
Makes you wonder
These are the people supposedly charged with the security of an entire nation? The people pushing for more and more rights and freedoms to be taken away all in the name of "security"?
Be afraid. Be very afraid. For they're coming for you next. (even if you don't live in the USA).
Against man's stupidity, the gods themselves contend in vain.
Friedrich von Schiller said it first, but Asimov used it in The Gods Themselves.
Words to live by. Apparently (if one is to trust the wikipedians) originated by Friedrich Schiller.
Re: That's a real beginner's mistake...
Couldn't possibly agree more. To add insult to injury, most mailing-list managers have some sort of graphical administration tool (be it by web or by GUI). A few clicks, surely, is all it would've taken to put it right. Although it should've been right from the start.
Re aliases: it's damned tempting, for sure, to use aliases rather than intermediate mailing-list managers. Most MTAs even make this easy (for instance sendmail using owner-list and list to control returned mail and membership). The real advantage is speed; the MTA can optimise bulk deliveries. The disadvantage is practically everything else - filtering of any kind, moderation, MIME part stripping, bounce handling (although you could still have a custom robot for that purpose, it would be harder to use). Most obviously it means user management of subscriptions is nontrivial. Depending on mailing-list manager, speed may be impaired (those using VERP, for instance, where envelope sender is varied uniquely per recipient so that bounce handling becomes straightforward). Others do it right, though - they accept the message, then call the MTA to send en-mass after doing filtering.
Ah well, guess sysadmins don't come cheap over there.
So why didn't they just use NNTP instead of email?
Oh yeah, you need to be able to do smileys :-|
ahh Government Security
blind leading the stupid leading the DHS telling the world how to do it!
Or even MailMan
There's a dozen commie^H^H^H^H^H^Hopen source list handlers that Do The Right thing by default!