We had a Social email loop when I worked for a company with 33k employees. Someone sent out a newsletter to the company ALL mailbox, which had some tips for winterizing, and asked mostly rhetorically "What are your tips for preparing for winter?"
A handful people replied to the entire company w/o realizing it - stuff like "Well I'm in California, I don't have to worry about it. Ha!".
I think it would have ended there. But some grumpy programmer in NYC of course decided to reply "People. Stop replying-all!" One would think being a programmer he'd be smart enough to reply to just the people who had unintentionally spammed the whole company. But no. He spammed the whole company.
And after that it was on. Dozens of emails a minute. Tons of replies like "Please take me off this list." Tons more grumpy people complaining. Big bosses pulling rank "Ok I am Vice President of muckety muck and we need to stop this replying all right now!" And the best: "Stop replying all to everyone to tell them to stop replying all!" - replied to all of course. O_o
It didn't help that a lot of people worked in labs and shared computers. So they'd log on and see a ton of emails w/o knowing what happened. By the end of the week it finally died down. Then the next Monday people came back from vacation, saw 500+ emails, and of course asked to be taken off the list. This went on for weeks before it finally trickled to a halt.
Why anyone was allowed to spam the entire company, or the address couldn't be blocked, I have no idea. I was tempted to use it to fish for a tennis partner. And then apologize and claim ignorance of course.
This exact same thing happened at DuPont about 5 years ago. I believe there were roughly 80k employees at the time. There was essentially no real work email for most of the day until I believe IT figured out how to add a whitelist for @company emails.
My theory was, when they switched from LotusNotes to Outlook, they never ported over years of worth of experience encoded in user permissions. At least that fits well with the warning people always give about re-writing legacy software....
> I think it would have ended there. But some grumpy programmer in NYC of course decided to reply "People. Stop replying-all!" One would think being a programmer he'd be smart enough to reply to just the people who had unintentionally spammed the whole company. But no. He spammed the whole company.
It's probably because he felt that he was in a position of expertise and authority that he tried to pre-empt the problem by telling everyone not to reply to the list. One last message to all, then the problem would be definitively solved, or so the logic would go.
What a hilarious story. Talking about email ethics. I remember myself doing a similar mistake, new at work. This old timer came barging into my cubicle and commanding me to “stop emailing all!”.
Ok well it might be a company I know, similar thing happened at an old workplace, but the funny thing was the company I was at had been sold off about a month and a half before, but we were all still receiving email from the old company!
Another story about inappropriate emails, luckily I wasn't the perpetrator here.
It was the late 90's. Email systems were generally wide open for exploitation. (It was the golden age of Spam)
I myself had figured out that it was trivial to send a message and make it look like it came from anyone. Simple:
telnet <server> 25
HELO
MAIL FROM: <whatever you want>
RCPT TO: <recipient>
DATA <body contents>
QUIT
I used this a few times to mess with friends, send them messages from God, etc. Good times.
Thing is, I wasn't the only one who'd figured this out, and the university had an "All Users" list with only 3 or 4 people whitelisted to send it messages.
Someone else knew about the forged FROM scheme, and speculated that the "All Users" list didn't do any fancy verification of the "From" address.
This speculation was correct. And the University President was one of those 3 or 4 people whose email address was whitelisted.
The problem for this student was that they thought to themselves, "No, it couldn't be that easy..." And proceeded to send a test message.
It was that easy, and their test message sent successfully. The contents were... explosive. First, it cancelled all classes for the day (of course). Had it stopped there, this story might have ended as just an ultimately harmless prank. But it went further.
The message went on to describe how the president, with this free time from classes, would make herself available to provide, um, carnal knowledge of a very uncomfortable place at a particular time & location.
It didn't take long. IP addresses were statically assigned. It was easy to locate the offending computer, which in this case was in a computer lab.
So, cross reference login times against that IP address, right? Nope, not necessary: The computer was the one reserved only for the lab assistant on duty. Expulsion was rapid. In an interview with the student newspaper, the student decried, "I didn't think it would work!"
I used to help run the website for Rogue Wave Software, who had the domain name "roguewave.com", and also bought the domain name "rwav.com" after the company went public as RWAV.
"rwav.com" had previously been owned by a small ISP, and their most famous hosted site was for "Vicky the Bodybuilder". We knew this because we'd see hits for her page all the time.
I emailed top few sites that were linking to the old Vicky address, letting them know the site had moved, and nobody changed their addresses.
So then I got Vicky's real email, and used the above telnet email spoof to send an email "from" Vicky to each of the linking sites, gushing about how happy I (Vicky) was that they linked to her, and just to let them know I (Vicky) would be really happy if they'd update their links.
Reminds me of the time I was working at the Air Force Academy hospital in the basement warehouse in the mid 2000s. There were a few computers, and I wanted to mess with one of my coworkers (a senior airman) who was sitting at the desk in front of me.
There's a Windows command "net send" where you can make a pop up dialogue appear on a user's computer with a custom message. The problem was, I didn't know his exact username, so I did "net send * 'What's up dog??'". The dialogue popped up on his computer, he looked confused, and I was giddy. So I went further and sent a few more, including "You suck at computers" and "Your computer has been infected with a virus, sucka". It wasn't until a few minutes later when some visibly distressed IT personnel rushed into the warehouse and started interrogating people and checking the computers one by one that I realized something was terribly, terribly wrong. Apparently the dialogues were popping up on every single computer in the entire hospital, including the commander's (a full colonel).
I'm sure there would have been more disciplinary action had I not been a high school civilian intern. Everyone started calling me "Neo" from then on, but in a derogatory way.
I use telnet ip.add.re.ss 25 pretty much daily as you descibe (but EHLO these days). Sometimes you come across systems that don't have "swaks" or "exim -bhc" to hand.
A couple of days ago I used it to quickly prove to myself that SPF really is bloody useless against spam. Set "MAIL FROM:" to nothing which implies that the mail server itself is transmitting and is perfectly valid: that is how bounce messages are sent. What will happen is that the receiving SMTP daemon will not have an email address to test for SPF (it will only test envelope from which is what comes after the MAIL FROM: command) With no email address to test it tests the mail server itself and the spammer has set up SPF for their own email server's domain and hence pass the test. They will set the FROM: header to whatever they like in the DATA phase and that is what your MUA (Outlook probably sigh) will display. So the end result is your end user gets an email that appears to come from someone they know and it will pass SPF tests. DKIM and DMARC/ARC will help mitigate (DMARC adds a bit of excitement to mailing lists) as will a proper spam scanner like rspamd or spam assassin or some decent ACLs in Exim int al but SPF on its own is absolutely rubbish.
> In an interview with the student newspaper, the student decried, "I didn't think it would work!"
This reminds me of an interview with RMS[1]
Our way of dealing with kids coming in over Arpanet was to socialize them. We all participated in that. For example, there was a command you could type to tell the system to shut down in five minutes. The kids sometimes did that, and when they did we just cancelled the shutdown. They were amazed. They would read about this command and think, surely it’s not going to work, and would type it—and get an immediate notification: ‘The system is shutting down in five minutes because of . . . ’
We grow up with a lot of rules, and many people learn that the rules have no real force this way. You can literally do anything. The real question can become, would anyone want to be friends with someone who would do anything? We are social animals, so this idea should be important.
Looking around the Internet, it seems like most people never "get it" though...
Not a loop from hell, but let's not stop the procrastination loop: The 500 miles sendmail story still fascinates me, to this day: http://web.mit.edu/jemorris/humor/500-miles
I thought of this story a few weeks ago when I was using VS Code on an old machine and couldn't get the linter to work on longer files. Very similar problem and solution.
At work, we had a mail loop once; a girl from accounting had ordered toner for our printers last thing before she went on vacation and enabled an auto reply on her mailbox.
Five minutes after she left the office, the order confirmation arrived, sent from [email protected]. Her mailbox sent an auto-reply. Our mail server sent her an error message, telling her that her reply had not been delivered. To which her mailbox happily replied with the same auto-reply mail...
When I walked into the office on Monday, her mailbox had accumulated around 50,000 of those mails. Fun times.
In the early days of "exchange" ... the email client. I discovered auto replies.
Very first thing I thought of was "What if two clients have auto replies set?"
So naturally I set one up, my cube neighbor set one up. I sent an email to my cube neighbor ... and fairly quickly email was down company wide for a good afternoon.
I once (accidentally) setup a mail group with itself as a member.
Everything was fine until the first message came in, and a few minutes later I hear "Uh, why do I have 5,000 new emails?" "Woah, I have 9,000", "Oh, mine is at 15,000 now!".
I don't remember what it got up to before we managed to get into the now-very-slow mail server to fix it, but it was in the hundreds of thousands. Luckily it was only internal mailboxes.
I've got a client with an automated ticketing system that loves to get into mail loops with our automated ticketing system. They keep confirming that they've received a reply or update to the previous ticket and a single inquiry can rattle back and forth dozens of times.
Back when I was working at an SMS related company I managed to accidentally infinite loop sending myself text messages. The aggregator and AT&T had no issues, but my iPhone became completely unresponsive to touch as I saw the notification badge quickly ramp up from 1 to tens of thousands. If I remember correctly I had to wait a few hours for the messages to be delivered and processed by the phone and then wiped my device.
>So those 15,000,000 email messages collectively consumed 195,000,000,000 bytes of bandwidth. Yes, 195 gigabytes of bandwidth bouncing around between the email servers.
I once made a mistake, but it wasn't a just a loop, it was recursive. I was working in an old version of FOCUS, a reporting language, mixed with DCL. (This was a VMS environment)
The details are fuzzy now, but IIRC I misplaced a single "GOTO" line of code. The result was doubly recursive: Each person on the list got the message once for every person on the list, with the content of previous recipients concatenated to the message.
So: person 1 got the message once. Then person 1 & 2 got the message again, only person 2's content was appended to person 1. The person 1, 2 & 3 got the message, with 3 appended to 2, and 2 & 3 appended to 1, and so on.
I was very lucky that it was an old VMS environment with low disk quotas, so my "sent" folder ballooned before the full list could run. I think I got through about 130 recipients, which came out to about 8000 messages.
Not the same kind of loop, but a few years ago I had to quickly fix email sending in some PHP service. Being rusty in PHP, I at least managed to write a for loop iterating over the list and send mails. Or so I thought. I had forgot "$" in front of the "i" in the for-header, making it never terminate, since of course that's still valid php.
Luckily it was only my private email in the test-list. But I still got so many thousands of mails my Gmail account was blocked for days. Also lucky this didn't affect the delivery of our future mail (not blacklisted).
There was a time when overnight I received 200 copies of an email in my inbox. The emails were sent manually, typos, delays and all. Very industrious individual.
I was discussing this with a colleague of mine the next day and it transpired that they'd recently taken delivery of two DEC Alpha workstations. They were both sitting on his desk, being configured for actual work.
We set up a system using .forward files where DEC Alpha 1 would forward an email to DEC Alpha 2. On DEC Alpha 2 we set up the same in reverse.
We sent an email to DEC Alpha 1 and CC'd in our individual.
We let it run for 5 seconds.
In that time the two workstations, doing nothing other than sending email, managed a combined 25k of messages.
We never did hear from that person again.
These days when I think back about that, it was probably one of the early DOS attacks. We were a little shocked how well it worked.
An e-mail request is sent to a marketing e-mail service. For a specific e-mail notification, we do not receive a confirmation from the marketing e-mail service that the e-mail reached the recipient. So our service re-sends the e-mail.
This goes on for several days. It turned out a filter did not let the notification reach our end. By the time we figured it out, someone received thousands of the same marketing e-mail.
You can still do stuff like that today. My friend broke Yahoo and gmail. Unfortunately, we didn't document the procedure very well, so the following, from my personal notes on the incident, (with handles changed to protect my friend) is all I got:
How name_surname broke yahoo mail (and also gmail)
==================================================
- 21/03/17
> She doesn't quite remember what she did exactly but:
a) She went into [email protected] and added another yahoo mail box-
[email protected].
b) This didn't seem to work (?) so she went into [email protected]
and added [email protected] as a mailbox.
c) Then she went into gmail and added [email protected] to it
d) And finally she imported mail and contacts from both yahoo accounts
into gmail.
> The result: in [email protected] you can see the [email protected]
mailbox which contains a [email protected] mailbox, which contains an
[email protected] mailbox, but also [email protected] contains a
mailbox called [email protected] and [email protected] contains a
mailbox called [email protected]. And in gmail, all the email
imported from [email protected] and [email protected] have a very
long listing of all the mailboxes in which they exist, which is the two
yahoo mailboxes repeated several times. That's _many_ times.
> Of course, when she tried to delete the mailboxes, whereas she only had
5 messages it looked like there were 35. They were all duplicates,
obviously.
It’s hard to read on mobile due to your formatting, but based on knowledge I have of both (and lack of details in your story), I think the most your friend can claim is “broke my ymail/gmail”, not broke either service.
Somebody managed to find a low level PDL that referenced nearly everyone in the company globally. Just the reply-all "I'm not sure this as anything to do with me, please take me off your DL" mails forced the servers to be taken down and nearly five hours of global mail handling was wiped clean... it was about seven hours before accounts started acting normally again. Sorta amusing from the random employee view.
This sort of thing was surprisingly common at my old job. Someone would find a list that seemed relevant, ask a question on it, and not realize the list had as a sublist something like basically all of software engineering. Then people would reply-all to that asking to be taken off the list that they didn’t need to be on…
A few years back I had mail to an address forwarding to a team at a different company. It was used to cc them on tickets, basically so they could make changes on their side when certain requests came in. At some point they decided to forward these directly into their own ticket system. Each email from our ticket system would forward and land in their own ticket system that would strip off the identifiers from our ticket system and create a new ticket which would reply to our ticket system, creating a new ticket on our side and so on. Unfortunately that queue on our side wasn’t in use by humans so no one saw the exponential mail storm building. Many mail servers have relay loop detection based on IDs in the headers but reply loops are a different beast. Once we realized what was going on it was simple enough to black hole the various addresses involved but it was pretty cool to watch our ticket and mail systems DOSing each other in real time.
I knew immediately .forward files were involved, before I even read it. I had done something similar and brought down my college's email system back in the 80's.
When I set up an autoresponder in my .sieve file, I specify ":days n", where "n" is the minimum number of days between allowing an autoresponse to be sent to the same address.
This isn't fool proof though. It would fail if the other side of the loop didn't have a similar defense, and also sent each email response from a different address.
[+] [-] suzzer99|7 years ago|reply
A handful people replied to the entire company w/o realizing it - stuff like "Well I'm in California, I don't have to worry about it. Ha!".
I think it would have ended there. But some grumpy programmer in NYC of course decided to reply "People. Stop replying-all!" One would think being a programmer he'd be smart enough to reply to just the people who had unintentionally spammed the whole company. But no. He spammed the whole company.
And after that it was on. Dozens of emails a minute. Tons of replies like "Please take me off this list." Tons more grumpy people complaining. Big bosses pulling rank "Ok I am Vice President of muckety muck and we need to stop this replying all right now!" And the best: "Stop replying all to everyone to tell them to stop replying all!" - replied to all of course. O_o
It didn't help that a lot of people worked in labs and shared computers. So they'd log on and see a ton of emails w/o knowing what happened. By the end of the week it finally died down. Then the next Monday people came back from vacation, saw 500+ emails, and of course asked to be taken off the list. This went on for weeks before it finally trickled to a halt.
Why anyone was allowed to spam the entire company, or the address couldn't be blocked, I have no idea. I was tempted to use it to fish for a tennis partner. And then apologize and claim ignorance of course.
[+] [-] samprotas|7 years ago|reply
My theory was, when they switched from LotusNotes to Outlook, they never ported over years of worth of experience encoded in user permissions. At least that fits well with the warning people always give about re-writing legacy software....
[+] [-] theoh|7 years ago|reply
It's probably because he felt that he was in a position of expertise and authority that he tried to pre-empt the problem by telling everyone not to reply to the list. One last message to all, then the problem would be definitively solved, or so the logic would go.
[+] [-] delinka|7 years ago|reply
In a recent experience, I Replied to All (in BCC) to explain how BCC works and all the replies to my email stayed off the list.
[+] [-] WeAreGoingIn|7 years ago|reply
[+] [-] gerdesj|7 years ago|reply
https://www.theregister.co.uk/2017/01/31/nhs_reply_all_email...
[+] [-] ndesaulniers|7 years ago|reply
[+] [-] bryanrasmussen|7 years ago|reply
[+] [-] ineedasername|7 years ago|reply
It was the late 90's. Email systems were generally wide open for exploitation. (It was the golden age of Spam)
I myself had figured out that it was trivial to send a message and make it look like it came from anyone. Simple:
I used this a few times to mess with friends, send them messages from God, etc. Good times.Thing is, I wasn't the only one who'd figured this out, and the university had an "All Users" list with only 3 or 4 people whitelisted to send it messages.
Someone else knew about the forged FROM scheme, and speculated that the "All Users" list didn't do any fancy verification of the "From" address.
This speculation was correct. And the University President was one of those 3 or 4 people whose email address was whitelisted.
The problem for this student was that they thought to themselves, "No, it couldn't be that easy..." And proceeded to send a test message.
It was that easy, and their test message sent successfully. The contents were... explosive. First, it cancelled all classes for the day (of course). Had it stopped there, this story might have ended as just an ultimately harmless prank. But it went further.
The message went on to describe how the president, with this free time from classes, would make herself available to provide, um, carnal knowledge of a very uncomfortable place at a particular time & location.
It didn't take long. IP addresses were statically assigned. It was easy to locate the offending computer, which in this case was in a computer lab.
So, cross reference login times against that IP address, right? Nope, not necessary: The computer was the one reserved only for the lab assistant on duty. Expulsion was rapid. In an interview with the student newspaper, the student decried, "I didn't think it would work!"
[+] [-] pugworthy|7 years ago|reply
"rwav.com" had previously been owned by a small ISP, and their most famous hosted site was for "Vicky the Bodybuilder". We knew this because we'd see hits for her page all the time.
I emailed top few sites that were linking to the old Vicky address, letting them know the site had moved, and nobody changed their addresses.
So then I got Vicky's real email, and used the above telnet email spoof to send an email "from" Vicky to each of the linking sites, gushing about how happy I (Vicky) was that they linked to her, and just to let them know I (Vicky) would be really happy if they'd update their links.
It worked.
[+] [-] umvi|7 years ago|reply
There's a Windows command "net send" where you can make a pop up dialogue appear on a user's computer with a custom message. The problem was, I didn't know his exact username, so I did "net send * 'What's up dog??'". The dialogue popped up on his computer, he looked confused, and I was giddy. So I went further and sent a few more, including "You suck at computers" and "Your computer has been infected with a virus, sucka". It wasn't until a few minutes later when some visibly distressed IT personnel rushed into the warehouse and started interrogating people and checking the computers one by one that I realized something was terribly, terribly wrong. Apparently the dialogues were popping up on every single computer in the entire hospital, including the commander's (a full colonel).
I'm sure there would have been more disciplinary action had I not been a high school civilian intern. Everyone started calling me "Neo" from then on, but in a derogatory way.
[+] [-] gerdesj|7 years ago|reply
A couple of days ago I used it to quickly prove to myself that SPF really is bloody useless against spam. Set "MAIL FROM:" to nothing which implies that the mail server itself is transmitting and is perfectly valid: that is how bounce messages are sent. What will happen is that the receiving SMTP daemon will not have an email address to test for SPF (it will only test envelope from which is what comes after the MAIL FROM: command) With no email address to test it tests the mail server itself and the spammer has set up SPF for their own email server's domain and hence pass the test. They will set the FROM: header to whatever they like in the DATA phase and that is what your MUA (Outlook probably sigh) will display. So the end result is your end user gets an email that appears to come from someone they know and it will pass SPF tests. DKIM and DMARC/ARC will help mitigate (DMARC adds a bit of excitement to mailing lists) as will a proper spam scanner like rspamd or spam assassin or some decent ACLs in Exim int al but SPF on its own is absolutely rubbish.
[+] [-] geocar|7 years ago|reply
Like the back of a volkswagen?
> In an interview with the student newspaper, the student decried, "I didn't think it would work!"
This reminds me of an interview with RMS[1]
Our way of dealing with kids coming in over Arpanet was to socialize them. We all participated in that. For example, there was a command you could type to tell the system to shut down in five minutes. The kids sometimes did that, and when they did we just cancelled the shutdown. They were amazed. They would read about this command and think, surely it’s not going to work, and would type it—and get an immediate notification: ‘The system is shutting down in five minutes because of . . . ’
We grow up with a lot of rules, and many people learn that the rules have no real force this way. You can literally do anything. The real question can become, would anyone want to be friends with someone who would do anything? We are social animals, so this idea should be important.
Looking around the Internet, it seems like most people never "get it" though...
[1]: https://newleftreview.org/II/113/richard-stallman-talking-to...
[+] [-] fatnoah|7 years ago|reply
What? Like the back of a Volkswagen? (Obligatory Mallrats reference)
[+] [-] Thibaut1|7 years ago|reply
[+] [-] nisa|7 years ago|reply
there is even a faq: http://www.ibiblio.org/harris/500milemail-faq.html
[+] [-] justwalt|7 years ago|reply
[+] [-] WeAreGoingIn|7 years ago|reply
[+] [-] krylon|7 years ago|reply
Five minutes after she left the office, the order confirmation arrived, sent from [email protected]. Her mailbox sent an auto-reply. Our mail server sent her an error message, telling her that her reply had not been delivered. To which her mailbox happily replied with the same auto-reply mail...
When I walked into the office on Monday, her mailbox had accumulated around 50,000 of those mails. Fun times.
[+] [-] duxup|7 years ago|reply
Very first thing I thought of was "What if two clients have auto replies set?"
So naturally I set one up, my cube neighbor set one up. I sent an email to my cube neighbor ... and fairly quickly email was down company wide for a good afternoon.
[+] [-] gregmac|7 years ago|reply
Everything was fine until the first message came in, and a few minutes later I hear "Uh, why do I have 5,000 new emails?" "Woah, I have 9,000", "Oh, mine is at 15,000 now!".
I don't remember what it got up to before we managed to get into the now-very-slow mail server to fix it, but it was in the hundreds of thousands. Luckily it was only internal mailboxes.
[+] [-] astrodust|7 years ago|reply
[+] [-] rement|7 years ago|reply
[+] [-] jtokoph|7 years ago|reply
[+] [-] minikites|7 years ago|reply
>So those 15,000,000 email messages collectively consumed 195,000,000,000 bytes of bandwidth. Yes, 195 gigabytes of bandwidth bouncing around between the email servers.
[+] [-] bradknowles|7 years ago|reply
Almost as good as breaking all internet e-mail for the whole world in August of 1996: https://www.theregister.co.uk/2018/04/16/who_me/
[+] [-] ineedasername|7 years ago|reply
The details are fuzzy now, but IIRC I misplaced a single "GOTO" line of code. The result was doubly recursive: Each person on the list got the message once for every person on the list, with the content of previous recipients concatenated to the message.
So: person 1 got the message once. Then person 1 & 2 got the message again, only person 2's content was appended to person 1. The person 1, 2 & 3 got the message, with 3 appended to 2, and 2 & 3 appended to 1, and so on.
I was very lucky that it was an old VMS environment with low disk quotas, so my "sent" folder ballooned before the full list could run. I think I got through about 130 recipients, which came out to about 8000 messages.
[+] [-] maaaats|7 years ago|reply
Luckily it was only my private email in the test-list. But I still got so many thousands of mails my Gmail account was blocked for days. Also lucky this didn't affect the delivery of our future mail (not blacklisted).
[+] [-] ob2|7 years ago|reply
I was discussing this with a colleague of mine the next day and it transpired that they'd recently taken delivery of two DEC Alpha workstations. They were both sitting on his desk, being configured for actual work.
We set up a system using .forward files where DEC Alpha 1 would forward an email to DEC Alpha 2. On DEC Alpha 2 we set up the same in reverse.
We sent an email to DEC Alpha 1 and CC'd in our individual.
We let it run for 5 seconds.
In that time the two workstations, doing nothing other than sending email, managed a combined 25k of messages.
We never did hear from that person again.
These days when I think back about that, it was probably one of the early DOS attacks. We were a little shocked how well it worked.
[+] [-] greendesk|7 years ago|reply
An e-mail request is sent to a marketing e-mail service. For a specific e-mail notification, we do not receive a confirmation from the marketing e-mail service that the e-mail reached the recipient. So our service re-sends the e-mail.
This goes on for several days. It turned out a filter did not let the notification reach our end. By the time we figured it out, someone received thousands of the same marketing e-mail.
[+] [-] tuzakey|7 years ago|reply
[+] [-] YeGoblynQueenne|7 years ago|reply
[+] [-] jsjohnst|7 years ago|reply
[+] [-] mixedmath|7 years ago|reply
Thank you for the link, and for the post on your site.
[+] [-] zentiggr|7 years ago|reply
[+] [-] saagarjha|7 years ago|reply
[+] [-] brazzledazzle|7 years ago|reply
[+] [-] brian_herman__|7 years ago|reply
[+] [-] dbrgn|7 years ago|reply
[+] [-] stcredzero|7 years ago|reply
[+] [-] pbiggar|7 years ago|reply
[+] [-] mike-cardwell|7 years ago|reply
This isn't fool proof though. It would fail if the other side of the loop didn't have a similar defense, and also sent each email response from a different address.
[+] [-] jpmoyn|7 years ago|reply
[+] [-] blakesmith|7 years ago|reply