There are many ways in which a malicious individual can harass another person online: cyber-stalking, joe-jobbing, impersonation and list-bombing. List-bombing occurs when a someone subscribes his or her victim's email to one or more (often commercial) mailing list. This is an interesting abuse of poorly constructed mailing lists which do not properly confirm the subscription to the list (confirmed opt-in or double opt-in). List-bombing is the equivalent of subscribing an individual to one or more junk mail services.

This particular abuse has several advantages over more conventional harassment for the abuser. First, the offending emails come from a third party and thus complaints will normally not affect the abuser. Second, any mailing list so poorly configured as to not require a confirmation step will likely not log any information about the abuser, letting them away scott free. Third, this causes some grief to not only the intended victim but also the mailing list administrator who will be accused of spamming.

As an example of how this might work, consider that I (scumbag@dirtball.net) want to make life miserable for my victim (innocent@angel.com), but I don't want to risk getting my connectivity severed by emailing innocent myself. Instead, I decide to subscribe my target's email to a couple of mailing lists: Newbie-admin-L, 1-4M-C00L-H4X0R-L, Anna-Kournikova-is-a-Goddess-L and the Republican National Committee mailing list (GOP-L). All of these lists immediately subscribe innocent, and the poor dear begins to get upwards of 100 emails a day from these lists. Even better for me, the abuser, is the fact that at least two of these lists (H4X0RS-L and GOP-L) are unlikely to ever stop emailing my victim due to sheer stupidity/maliciousness on their part.

If you find yourself a victim of this type of abuse, your recourses are few. You can try to unsubscribe, and if this fails filter the email from the offending list at either the client or server level. Second, you can contact the mailing-list administrator to see whether the IP of the computer used to subscribe you was provided. If so, perhaps the abuser's ISP can be contacted and the individual identified.

Log in or registerto write something here or to contact authors.