Date: Thu, 24 Feb 2000 11:13:45 -0500 (EST) From: BCPL.NET SysAdmin To: BCPL.NET News Subject: BCPL.NET NEWS: Mail Problem -------------------------------------------------- MAILBOMB BRINGS BCPL.NET MAIL SYSTEM TO STANDSTILL -------------------------------------------------- In the evening of Wednesday, February 23, our mail system was brought to a standstill by a customer who mailbombed himself. Normally the term "mailbomb" refers to a form of denial of service (DOS) attack where someone intentionally sends thousands of e-mails in quick succession to a site, with the intention of overloading the mail system at that site and/or overloading the mailbox of a specific user at that site. In this case, however, we believe the mailbombing was inadvertent. The BCPL.NET customer was using a "FAX by e-mail" service on the Internet to send several thousand FAXes. To use such services you send specially formatted e-mail to the service, which then FAXes it to the final destination. The FAX service then sends you a status report by e-mail. In this case it looks like the customer was using an Internet account elsewhere, not his BCPL.NET account, to send the FAXes, but we're not yet sure about that. However the FAX service was sending thousands of status reports (one for each FAX sent) to his BCPL.NET address. Taken by itself, it's almost comical. The guy mailbombed himself, for Pete's sake! Not too bright! But the consequences for the rest of our customers were far from comical. The status reports from the FAX service were coming in so fast over a two-hour period that the mail system literally ground to a halt. If you were trying to collect your e-mail with a POP3 mail program (Outlook, Eudora, Netscape, or whatever) your mail session timed out without collecting any mail. If you tried again, you got a "POP lock" error because the POP3 server thought you already had a POP mail session running. If you were using Pine, it took forever for your Inbox to open (if it opened at all). If you wrote a message, it took forever for Pine to send it. At the height of the crisis, it may have taken UNIX shell account users several tries to log in. It looks like the problem began somewhere around 7:00 PM, but I didn't become aware of it until shortly before 9:00 PM when the Help Desk called me at home to report that by then it was impossible to access e-mail. It took from then until about 2:00 AM to clean up the mess. Most of you will probably experience no after-effects. Those of you who got the "POP lock" error message during the crisis may see duplicate copies of some of your messages. This is because when I was restoring your mail I felt the possibility of giving you duplicates was preferable to the possibility of losing some of your mail. As you all know (you did read your Acceptable Uses form, didn't you?) using a BCPL.NET account for sending mass junk e-mail or "spam" mailings is strictly forbidden. Sending thousands of junk FAXes through a "FAX via e-mail" service is just another form of spam, so is forbidden. At the moment there is no evidence that the spam FAXes originated from the perpetrator's BCPL.NET account, so are not subject to our Acceptable Uses policy. However, to the BCPL.NET customer who initiated the FAXes and to anyone else thinking about using a FAX via e-mail service to send junk FAxes: o Junk FAXing is just another form of spamming, and spamming is forbidden by our Acceptable Uses policy. If we catch you using your BCPL.NET account to send any form of spam, your account will be terminated. o If you use a connection to another ISP for FAX spamming, please have enough sense to NOT give the FAX service your your BCPL.NET address as the e-mail address for status reports. If you send out thousands of junk FAXes, and if the FAX service sends you an e-mail message to acknowledge each one, you are going to receive thousands of e-mail messages in quick succession. It doesn't take rocket science to realize that is going to cause problems. At the very least your mailbox will fill up very quickly. At the worst it will bring down our mail system, as happened Wednesday night. o Over 8000 BCPL.NET customers depend on our mail system, and rightfully get very upset when it doesn't work. When something like this happens we will take what ever steps are required to protect the BCPL.NET mail system, up to and including disabling or even deleting the perpetrator's account. Whether or not you meant to bring down the mail system is beside the point. If you do bring it down, even inadvertently, we must do what ever is necessary to keep it running. BCPL.NET INTERNET SERVICES CONTACTS: ----------------------------------- Administration & Policy: ispadmin@bcpl.net 410-887-6180 Sales, Renewals, Account Status: accounts@bcpl.net 410-887-4172 Technical Support (Help Desk): help@bcpl.net 410-887-3297 Usenet News Newsgroup Requests news-admin@bcpl.net 410-887-6180 E-Mail & Newsgroup Abuse Reports: abuse@bcpl.net 410-887-6180 FAX: 410-887-2091 Help Pages: http://www.bcpl.net/help.html (or enter "help" at the UNIX shell prompt) System News Archives: http://www.bcpl.net/sysnews.html (or enter "sysnews" at the UNIX shell prompt)