New Internationalist

Avoiding e-mail list data corruption

A few weeks ago, I started a major upgrade to New Internationalist's broadcast e-mail infrastructure. In the process of the upgrade, I noticed that a small number of e-mail subscriber records had been maliciously injected with arbitrary data (in this case, URLs to some other site).

Upon investigating the issue, it occurred to me that many other sites and organizations with larger e-mails list could be susceptible to this type of e-mail data corruption. So here's a quick run-down of the problem and some possible solutions.

The injection is relatively unsophisticated, and is not specific to one e-mail broadcast tool (i.e., I think it would be an issue for almost any e-mail platform on the market). Basically, the "attacker" is:

  • Posting data into existing e-mail list subscription forms
  • Guessing for common e-mail addresses (think of addresses like [email protected])
  • Posting in malicious data and links for text fields like "First name" and "Last name"

What results is a record that looks like:

Email: [email protected]

If we were to send out an e-mail campaign with personalization using the First name and Last name, we would inadvertently send that content to the subscriber.

Though the attack is fairly limited by the requirement of guessing existing subscribers e-mail addresses and, depending on the e-mail broadcast system, possibly a message triggered to the subscriber about a record change, or a subscription confirmation, it does point out that groups with larger e-mail lists could take steps to avoid this proactively.

In New Internationalist's case, I added some client-side form validation to help ensure that the data going into our broadcast tool was less likely to contain URLs or obviously bad data.

On the broadcaster side of things, I set up regular reports to look for cases of questionable data in our database, which I can then investigate manually.

Down the road, I'd like us to implement a "middleware" solution that also provides server-side data validation and does some pre-screening of the data to be posted to the broadcaster (using something like Mail-CheckUser or similar).

Would be great to know if other organizations have implemented anything similar, or have experienced similar attempts at corrupting their e-mail list data.

Comments on Avoiding e-mail list data corruption

Leave your comment


  • Maximum characters allowed: 5000
  • Simple HTML allowed: bold, italic, and links

Registration is quick and easy. Plus you won’t have to re-type the blurry words to comment!
Register | Login

...And all is quiet.

Subscribe to Comments for this articleArticle Comment Feed RSS 2.0

Guidelines: Please be respectful of others when posting your reply.

Get our free fortnightly eNews


Videos from visionOntv’s globalviews channel.

Related articles

Popular tags

All tags

The Tech Blog

This is where New Internationalist Web Team documents the free and open software used to build this website and its services, discusses emerging issues in the technology space, and provide critical analysis, news and commentary on all things IT and web.

The Tech Blog