¿ªÔÆÌåÓý

  1. GroupManagersForum
  2. Messages
Expanded Topics Messages Polls
Date
Re: Is there a way for subgroup members to message other subgroups? #subgroups

 

Deb,

>>> you can check the "Allow Parent Members to Post" box.

Shal's suggestion should do what you want, because it allows any parent group member to send messages to any subgroup (that now has that setting ON), so a member of one committee subgroup can now send a message to any other subgroup with that option ON.? However, because of that, the small potential side-effect of this setting is that, provided that they know the posting email address, anyone in the parent group can now post to the subgroup(s) (not just the committee/subgroup members).? So even if the subgroups may have private archives, if they are listed in the parent group, it's easy for anyone to find out the posting address.? But even if the subgroups are not "publicly" listed in the parent group, one can still send a message to them with this setting on.? So if you want to avoid the potential "anyone" part, reset the posting permissions on the subgroups to Moderated, and reset the posting permissions of the subgroup/committee members to Override:Can Post, for the subgroups you turn this setting on.? This will keep the uninterrupted flow of messages within the group and group members, but anyone else who posts will land in the Moderation queue.? This way you can catch and prevent possible cross-contaminated postings or non-subgroup members which shouldn't be posting in a particular subgroup.

Think of it this way:? Beforehand, you had 5 rooms where committees met in closed-door meetings.? In order for a member from one committee/room to present somethng to another one, they would have to physically leave one room and go to another, open the door, go in, close the door, do their biz.? Now, they don't, all they have to do is slide the presentation material under the door without having to physically go in.? However anyone else in the office can do the same, so you now have someone that pre-checks whatever is slid under the door, to ensure it is related to the committee, before presenting it.

Cheers,
Christos
Re: People are asking me to remove them from my group....but they are not members!

 

On Wed, Nov 4, 2020 at 10:52 AM, Bernardino wrote:
?Que es un?spambots?
a computer program that collects email addresses from the internet in order to send spam (= unwanted emails) to them

un programa inform¨¢tico que recopila direcciones de correo electr¨®nico de Internet para enviarles spam (= correos electr¨®nicos no deseados)

Bruce
Check out the groups.io Help Center?and?groups.io Owners Manual
Re: People are asking me to remove them from my group....but they are not members!

Bernardino
 

Perdonen mi ignorancia.?

?Que es un?spambots?.?

Soy nuevo en la materia.

En mi¨¦rcoles, 4 de noviembre de 2020 06:35:09 CET, Shal Farley <shals2nd@...> escribi¨®:


Mark,

> Adem¨¢s, no s¨¦ c¨®mo se est¨¢n registrando los servicios de asistencia de las empresas:
> Todas las listas requieren un correo electr¨®nico de confirmaci¨®n para que quien las registre
> de alguna manera tenga acceso al correo electr¨®nico de confirmaci¨®n.

No necesariamente.

Si todo lo que se requiere es una respuesta al correo electr¨®nico de confirmaci¨®n, eso podr¨ªa
suceder autom¨¢ticamente como parte de la respuesta del servicio de asistencia a cualquier caso nuevo.

El truco, si esto lo hace un malcontento / bromista, es falsificar la
direcci¨®n del servicio de asistencia como la direcci¨®n De en una solicitud de suscripci¨®n a la
lista. Dicha falsificaci¨®n sol¨ªa ser bastante f¨¢cil con la mayor¨ªa de las cuentas de correo electr¨®nico de ISP,
aunque muchos se han endurecido en la ¨²ltima d¨¦cada.

Puede hacerlo mediante un spambot de direcciones aleatorias si la lista tiene una
direcci¨®n de correo electr¨®nico separada para la suscripci¨®n (como la direcci¨®n de suscripci¨®n + de un
grupo de Groups.io). Si el spambot tiene tanto la direcci¨®n del servicio de asistencia t¨¦cnica como la
direcci¨®n de suscripci¨®n a la lista en su colecci¨®n, entonces es solo cuesti¨®n de
tiempo antes de que env¨ªe un mensaje de correo no deseado (virus, phishing, malware, etc.) A:
la direcci¨®n de suscripci¨®n de la lista De: el servicio de asistencia habla a.

En el ¨²ltimo caso, no hay otra intenci¨®n que la amplia distribuci¨®n
del mensaje de correo electr¨®nico no deseado inicial. El resto son solo aut¨®matas que se golpean
entre s¨ª. La falla principal es que (aparentemente) ni el
software de la lista ni el software del servicio de asistencia hicieron suficiente autenticaci¨®n de los
mensajes entrantes.

Hace una d¨¦cada y media, este problema casi inutilizaba los Grupos de Yahoo
antes de que Yahoo implementara la cantidad m¨ªnima de autenticaci¨®n necesaria
(DNS inverso) para rechazar los mensajes entrantes de los spambots.

Pero en estos d¨ªas no me sorprender¨ªa saber si eso ya no fuera
suficiente: muchos spammers est¨¢n usando cuentas de correo electr¨®nico comprometidas en
servicios leg¨ªtimos para enviar spam. Por lo general, no pueden falsificar la direcci¨®n De
en ese caso, pero tal vez haya algunos servicios laxos que no
restrinjan esa capacidad.

Shal


-
Ayuda: /helpcenter
M¨¢s ayuda: /g/GroupManagersForum/wiki
A¨²n m¨¢s ayuda: bot¨®n de b¨²squeda en la parte superior de la lista de mensajes


- = - = - = - = - = - = - = - = - = - = - = -
Groups.io Enlaces: Recibes todos los mensajes enviados a este grupo.
Ver / Responder en l¨ªnea (# 34816): /g/GroupManagersForum/message/34816
Silenciar este tema: /mt/78009416/3974073
Propietario del grupo: GroupManagersForum + [email protected]
Darse de baja: /g/GroupManagersForum/leave/defanged [ bernarsua@... ]

-=-=-=-=-=-=-=-=-=-=-=-
Re: Automated welcome message to subscribers of a new subgroup?

[email protected]
 

Case closed.

I was able to test it
Re: Automated welcome message to subscribers of a new subgroup?

 

I have a second GIO account with a separate gmail address that I use for testing. It's been very helpful.

Pete
Re: Automated welcome message to subscribers of a new subgroup?

[email protected]
 

Is there a way I can test it?

Regards,
Michael W Jones
Re: Photos and Files in the 1G frre grouip

 

On Tue, Nov 3, 2020 at 10:25 PM, billsf9c wrote:
Albums, Photos, Attachments, Files.and more, all exist and arenalive and well, in IO...
But not on newly created groups, unless they upgrade to premium.

Duane
--
The official Groups.io user documentation is in the Groups.io Help Center.
GMF's Unofficial Help Wiki: /g/GroupManagersForum/wiki
Re: People are asking me to remove them from my group....but they are not members!

 

¿ªÔÆÌåÓý

Shal,

On 04/11/2020 05:33, Shal Farley wrote:
Mark,

> Also, I don't know how the companies' helpdesks are getting signed up:
> All the lists require a confirmation email so whoever signs them up
> has to somehow have access to the confirmation email.

Not necessarily.

If all that is required is a reply to the confirmation email that could happen automatically as part of the helpdesk's response to any new case.

Good point. This is a possibility and I've been foolish not to think of it!

You are correct. See below.

The trick, if this is done by a malcontent/prankster, is to forge the helpdesk's address as the From address in a subscribe request to the list.

Most Mailman lists allow initial signup via web. You can of course enter any email address you wish in the web form.

This results in an authentication email being sent to the given address with a "confirm <authcode>" string in both the Subject and message body. All that the receiver has to do is to reply to the message and include the "confirm <authcode>" string anywhere in the message body and/or Subject and the email address will be successfully signed up.

Thus, as you say, if the helpdesk software automatically replies to any new email it receives (which most do) then it is trivial to fraudulently sign them up to any Mailman 2 mail list. (I say Mailman 2 because I've not confirmed whether or not this vulnerability still affects Mailman 3).

It could be done by a random-address spambot if the list has a separate email address for subscription (like the +subscribe address of a Groups.io group).

The initial signup could also be done with a web bot, since most MM2 mail lists have exactly identical layouts to the signup page.

it is only a matter of time before it sends a spam (virus, phishing, malware, etc.) message To: the list's subscribe address From: the helpdesk address.

What I have observed is that no spam or malware of any sort seems to be sent to the mail lists using this method. Indeed, there's no point signing up an innocent company's helpdesk in order to send spam/malware to a mail list since anyone can sign up to the mail list anyway with a disposable email address and send spam/malware that way if they want.

If this thing is an attack then it is definitely an attack on the companies (or the companies' helpdesks). I.e. It would seem to be a very feeble DoS attack against the helpdesks.

Thanks for causing me to think it through properly. :-)


-- 
Mark Rousell
Re: Photos and Files in the 1G frre grouip

 

¿ªÔÆÌåÓý

Can you please confirm whether you are talking about creating a new free group now, or using the free group you started in 2018?

Frances

On Nov 3 20, at 1:43 PM, Stan Gorodenski <stanlep@...> wrote:

I need to create a group for a small group of automobile enthusiasts. I could not find a good description of the features in the??web site for the free 1G group. I know there have been changes made since I created my group in 2018. Since the free group has 1G of space, I assume this means photos and files can still be attached to a post/email message. I know that photo and file albums do not exist anymore.
Stan


--
GMF wiki for help.?Search box at the top of each page.

Check out the?new groups.io Help Center??Use your browser to search or download?the PDF.
Re: Photos and Files in the 1G frre grouip

 

Stan,

The spreadsheet only seems to indicate what is available for 'albums'
which does not answer my question.
The spreadsheet doesn't mention 'albums', so I'm not clear on why you haven't found your answer. Anyway, going back to your original post:

Since the free group has 1G of space, I assume this means photos and
files can still be attached to a post/email message.
Correct. Also images can be embedded in message bodies.

I know that photo and file albums do not exist anymore.
That's only the case for Basic groups created after August 24th. Those created earlier retain those features (and many others).

Shal


--
Help: /helpcenter
More Help: /g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list
Re: Photos and Files in the 1G frre grouip

 

I could not find anything that addresses whether photos can be attached to email messages. Since no one knows with a simple answer I'll create the group and find out if this exists. Probably what I should have done from the beginning.
Re: Photos and Files in the 1G frre grouip

 

The spreadsheet only seems to indicate what is available for 'albums' which does not answer my question.
Re: People are asking me to remove them from my group....but they are not members!

 

Mark,

Also, I don't know how the companies' helpdesks are getting signed up:
All the lists require a confirmation email so whoever signs them up
has to somehow have access to the confirmation email.
Not necessarily.

If all that is required is a reply to the confirmation email that could happen automatically as part of the helpdesk's response to any new case.

The trick, if this is done by a malcontent/prankster, is to forge the helpdesk's address as the From address in a subscribe request to the list. Such forgery used to be quite easy with most ISP email accounts, though many have tightened up on this in the last decade or so.

It could be done by a random-address spambot if the list has a separate email address for subscription (like the +subscribe address of a Groups.io group). If the spambot has both the helpdesk address and the list subscribe address in its collection then it is only a matter of time before it sends a spam (virus, phishing, malware, etc.) message To: the list's subscribe address From: the helpdesk address.

In the latter case there is no intent other than the wide distribution of the initial junk email message. The rest is just automatons beating on each other. The primary fault is that (apparently) neither the list software nor the helpdesk software did sufficient authentication of the incoming messages.

A decade and a half ago this problem nearly made Yahoo Groups unusable before Yahoo implemented the minimal amount of authentication needed (reverse DNS) to reject incoming messages from spambots.

But these days it wouldn't surprise me to find if that were no longer sufficient: a lot of spammers are using compromised email accounts at legit services to send spam. Usually they can't forge the From address in that case, but maybe there are some lax services out there that don't restrict that ability.

Shal


--
Help: /helpcenter
More Help: /g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list
Re: People are asking me to remove them from my group....but they are not members!

 

¿ªÔÆÌåÓý

On 03/11/2020 15:18, Cleveland Park Editor wrote:

Only one of the six responded by forwarding a message, which showed a different AOL.com email address as the intended recipient. I looked up that email address in our membership records. There appeared to be nothing out of the ordinary in that member¡¯s subscription. No bounces, and the last message sent out to the group was shown to have been received without problem. So ?I wrote to that member and asked whether they were receiving the group¡¯s messages normally (they¡¯re subscribed to single messages) and let them know that a non-member had received at least one of their emails. I¡¯d like to find out whether the non-member received a duplicate or whether the actual subscriber is missing any emails. That list member has not written back.

There is a certain (limited) similarity between what you are experiencing and what has been happening on some public mail lists (mostly Mailman based I think) over the last year or so. Here is what happens:

(1) Somehow, I do not know how, a legitimate company's customer service email address is signed up to the mail list. In all cases that I have seen, the company is using some sort of CRM/helpdesk software (possibly outsourced, but I'm not sure).

(2) They start receiving messages from the mail list. This automatically generates response emails that are then sent either back to the mail list or to the individual message sender (depending on the mail list settings).

(3) In all cases where I have been bothered to engage, the customer service staff seem clueless. I have never received an intelligent reply and requests to pass it on to their IT people seem to fall on deaf ears. And yet I have been able to establish in all cases where I've looked that the companies are real, legitimate companies.

(4) They either (eventually) learn to read the footers and unsubscribe their email address from the list or the list admin eventually unsubscribes them (a lot of mail lists don't have very attentive admins).

In my experience this has happened over a number of unrelated technical mail lists with a variety of companies' customer service desks (from wholesale flower sellers to travel companies, in my experience).

I am at a loss to know what is going on. It looks like someone trying to carry out a rather feeble DoS attack against either the mail list or the company. Perhaps the companies are getting signed up to thousands of mail lists. I don't know.

Also, I don't know how the companies' helpdesks are getting signed up: All the lists require a confirmation email so whoever signs them up has to somehow have access to the confirmation email.

Although Mailman is far from perfect, I do not know of any vulnerabilities in it that would let a non-admin user sign up a third party to a mail list unless they had access to the third party's incoming email.

So how does this compare with what is happening to you? It seems to me that there is a similarity in that someone, somewhere is redirecting emails to others without their permission. It's technically different and yet perhaps motives are similar (not that I know what such motives really are).



-- 
Mark Rousell
Re: Photos and Files in the 1G frre grouip

 

>?I know that photo and file albums do not exist anymore.
Stan

Albums, Photos, Attachments, Files.and more, all exist and arenalive and well, in IO...

BillSF9c
Re: Is there a way for subgroup members to message other subgroups? #subgroups

 

Deb,

Is there a way that one subgroup can send a message to another
subgroup"
Since all subgroup members are perforce members of the primary group, in the target subgroup's Settings page, on the Messages Policies panel, you can check the "Allow Parent Members to Post" box.

That won't restrict messages based on the subgroup(s) of the sending member, but may do what you need.

Shal


--
Help: /helpcenter
More Help: /g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list
Re: People are asking me to remove them from my group....but they are not members!

 

Peggy,

So I write back to each one ... and explain that their email address
is not signed up to get our messages, and ask them to forward to me
any messages they¡¯ve received from my group, so I can see the email
address of the actual subscriber.
Good move!

Only one of the six responded by forwarding a message, which showed a
different AOL.com email address as the intended recipient. ... So I
wrote to that member and asked whether they were receiving the group¡¯s
messages normally (they¡¯re subscribed to single messages) and let them
know that a non-member had received at least one of their emails. ...
That list member has not written back.
I'd be inclined to set the member to No Email (or Special Notices Only) until you arrive at a resolution.

My reason is to stop the delivery to the wrong address, however it is happening. I would not want that person to be marking the group's messages as spam, or taking other actions out of frustration.

I should add, my group has over 15,232 members, and it¡¯s time-
consuming to have to deal with this problem. I would like to get to
the bottom of it, so I'm not dealing with this every morning.
In a group that size I might just leave it at that, and wait for the member to contact me about what happened. Maybe calendar a note to myself to check on the member's settings in a week and see if he/she has set it back.

If you get answers from any the other five implicating the same member, or the first one gets additional messages and the member has turned their delivery back on, I might conclude the misdirection of messages was willful and take the further step of banning the member. At that point you and the member have to reach an understanding about what happened and how to prevent it.

In other groups I might try following up with the member a few times before giving up. That would be a judgement call based on how much support effort I want to give in that group.

Is this a glitch in the Groups.io system, or is it an AOL anomaly ¨C or
some combination of both?
I don't know, but either of those seem like a long shot. Delivery to the wrong Inbox would be a major failure for an email system.

I'm inclined to agree with Duane that the problem likely has to do with some action by the member, or by someone with access to the member's email account.

Shal


--
Help: /helpcenter
More Help: /g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list
Re: People are asking me to remove them from my group....but they are not members!

 

Peggy,

I ran into something odd a few months back that is 'similar'.? Found out that one of the people posting to the thread liked to CC more people in on the discussion? who were OUTSIDE the group.?

Thus, when they sent out a reply or started a new thread, the CCs got pulled in via the person's email program.

main@(yourgroupname).groups.io, fred@..., nancy@..., sally@..., etc

With the number of members you have, it's possible to have an oddity like this happen.

Also, emails can be setup as email-reflectors.? One email address subscribes to your-group.? Any message to that email is reflected and forward to many more NOT in the group.? This is called email forwarding, aka email reflector.?

In either case, there is limited ability to correct this.? The non-member people can block your messages, but really they are blocking the email-reflector.?
Finding in your huge email member listing the email-reflector is a big chore.? BUT, when you get a few of those people to send you their email 'header' info, you nailed the email reflector!

I will not post here email forwarding nor email reflectors here because it can cause further damage to GroupsIO here.? Best to talk about it and not demonstrate it's evil intent.? Yes, there are good ways to use it for business, not for here.

BMaverick
Re: Is there a way for subgroup members to message other subgroups? #subgroups

 

On Tue, Nov 3, 2020 at 07:25 PM, Debra Claffey wrote:
We're using subgroups for our committees, so they can each have their own messaging without bothering the main group. Is there a way that one subgroup can send a message to another subgroup"
Not that I know of. However, subgroup members are all members of the main group as well. You could use the main group for that.

Frances
?
--
GMF wiki for help.?Search box at the top of each page.

Check out the?new groups.io Help Center??Use your browser to search or download?the PDF.
Is there a way for subgroup members to message other subgroups? #subgroups

Debra Claffey
 

We're using subgroups for our committees, so they can each have their own messaging without bothering the main group. Is there a way that one subgroup can send a message to another subgroup"

Thanks,
Deb Claffey
New England Wax
14441 - 14460 of 49144