Recently, I was asked if I could host a mailing list for a non-profit organization. Of course I told them yes. There has been a lot of back and forth discussion over six months or so to get things configured “just so”. Well. Things were not configured “just so”.
The thing is, all of the people whose email addresses we used were on a list provided by a governmental agency. Two things had to happen for someone’s email address to make it to this list: they had to actually provide it to the agency in the first place, they had to leave a box empty next to words similar to “do not share my email address publicly.” In other words, if you didn’t want your name and information to make it to this list you had to specifically ask that the information not be shared. I have filled out this application – and marked do not share. So my own information is on the full list but not on the publicly released list. And companies use this list for marketing and other purposes every single day.
This day was unlike any other day though. When the first email hit the wire (it was sent using Mailman mailing list software) I noticed a substantial slowdown of this server (well the server that this one replaced) immediately. The list had 21,000 email addresses on it. I was seeing loads of over 20, spiking at well over 30. When the load is at 5 things start to slow down. For a little perspective the load (as I write this) on the new machine is 0.00 0.03 0.00. There is one configuration check box on Mailman that would have made this an announce only list – which is what it really was being used as. That box was not checked.
Most normal people, me – and I hope you – would have treated this as an email to discard if you had no interest in the subject matter (it was for continuing education) and clicked on delete or even marked it as spam on their email program. Most normal people would have even recognized which list their email address was on due to the subject matter. In a group of 21,000 you will get folks from the whole spectrum. And maybe just a little less than normal. What actually happened was a few people hit reply (did I mention that the sender’s address was stripped and replaced by the mailing list alias?) Each reply of “take me off your list” went to 21k people. The cascade was at times humorous and at times sad. A simple, “hey would you stop sending me these emails?” was responded to by “I’m not sending you emails, I’m getting them too.” Times 21k.
One, very abnormal induhvidual, did the very clever thing of responding to each of the other eight or twelve responses with profanity and threats. The threats were mildly amusing in the amount of effort it took to track down names of people he felt were responsible and who might have influence. He called business offices of members of the board for the non-profit. He tracked my domain registration information and threatened to have my registrar “shut me down” on my voice mail. Well. I think he was smart enough to annoy people, but not smart enough to understand the law. The email, while annoying, did not reach the legal definition of “spam”. Yes, I have a lower tolerance for what I would consider spam, but we were well within the legal limits and only actually sent one email. It was the people clicking on reply who added to the storm. Yes, the list was misconfigured and should never have been set to allow posts by anyone other than the list administrator. I click delete on so many unwanted emails, I mark the ones that are clearly spam (made up addresses on my domain that come to the catchall address – I even have a few addresses sprinkled around this site to catch the bots) and shuffle them off so Spamassassin can learn from them. I don’t respond. If this were real spam, the act of responding is the real problem. Now someone knows the inbox gets read.
It took some fast typing on my part to get the machine wrestled into a more manageable state. I eventually set the list into emergency moderation mode (via command line – the web interface was non-responsive) and we started the cleanup process of not only the list, but of the server itself.