US gov't email server turns into spam cannon

The cause of the problem was likely an erroneous change in the email server's settings

Subscribers to a US Department of Homeland Security daily email bulletin were inundated with dozens of emails on Wednesday due to a glitch with the mailing list.

The gaffe started after one man, Alex Greene, a manager at GKN Freight Services, sent a reply to the Daily Open Source Infrastructure Report, a round-up of security-related news reports, to change his subscription information.

The email server sent Greene's reply to everyone on the DHS's subscriber list, which sent off a torrent of responses from recipients — some humorous, some irritable — which in turn were fired out again to all subscribers, according to the SANS Institute, a computer security monitoring organisation. The cause of the problem was likely an erroneous change in the email server's settings.

The error could cause big trouble if a hacker sent a bad email attachment with a zero-day security vulnerability "to nail a few dozen gullible security professionals," Marcus Sachs wrote in the SANS diary, which documents security incidents.

"If you maintain a broadcast mailing list, make sure that the address will not reflect email from sources other than the owner of the list," Sachs wrote. "Otherwise, you will become a training example for SANS."

Excerpts of some of the emails were published by The New York Times.

"Dear Mr. Alex Greene (the guy who started this mess). May the fleas of a thousand camels infest your armpits and may a yak in heat make love to your shin," wrote Michael B. Smith.

Others were more lighthearted and opportunistic about the mistake. "Well as long as we have a free for all going here, I'm job hunting," wrote Lt. Col. Mary Brown, a US Air Force Reserve officer. "Anybody have anything open out there?

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags spamSecurity ID

Show Comments