I’ve subscribed to besadmin-announcements@bigmail.bigfix.com to receive BigFix updates.
But, now and then I receive an email saying: “Mailing list removal confirmation notice for mailing list Besadmin-announcements” although I never tried to unsubscribe…
I’ve also been flooded with the same ‘mailing list removal’ e-mails even though I haven’t unsubscribed. This seems to be a new type of spam or phishing attempt.
This is something that we get reports of from time to time, both customers and our internal folks get this. My guess is that it’s actually some dumb hacking attempt at the https://bigmail.bigfix.com/mailman/options/besadmin-announcements page that’s triggering ‘unsubscribe’ requests. Luckily it triggers this confirmation instead of just unsubscribing without confirmation, so ignoring it is the option. I have been debating modifying the above page to just remove those options, and see if that helps.
This is a result of Microsoft Outlook Advanced Threat filters. Basically, this automatic service will hit every URL found in emails to verify they are “safe” before the email makes it into your inbox. Because the mailing list includes a direct URL that you can click to unsubscribe, it will follow that and hence the unsubscribe email. They recently “enhanced” this capability and started following the URLs using a full JavaScript browser so if there is anything on the page it follows, it will load (and sometimes even try clicking).
I have had some decent luck adding the email address to the “Safe Senders” list (dot menu on message in web UI), but if HCL can update the process so there is another step to follow, that would be awesome. Like a captcha would work to stop this.
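Added example, not part of the thread and not Mailman's or HCL's code: a sketch of an unsubscribe endpoint where a link fetch (GET) only renders a confirmation form and the removal happens only on POST, so a scanner that merely follows the emailed URL changes nothing. The function names, the secret and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import html

SECRET = b"constructed-demo-key"  # assumption: a per-list server-side secret


def make_token(list_name: str, address: str) -> str:
    """Token bound to one list/address pair, embedded in the emailed link."""
    msg = f"{list_name}\n{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def handle_unsubscribe(method, list_name, address, token, subscribers):
    """Return (status, body). Only a POST is allowed to modify `subscribers`."""
    expected = make_token(list_name, address)
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return 403, "invalid token"
    if method in ("GET", "HEAD"):
        # Safe methods must have no side effects: a prefetching link
        # scanner ends up here and only receives the confirmation form.
        form = ('<form method="post">'
                f'<input type="hidden" name="token" value="{token}">'
                f'<button>Unsubscribe {html.escape(address)}</button></form>')
        return 200, form
    if method == "POST":
        subscribers.discard(address.lower())
        return 200, "unsubscribed"
    return 405, "method not allowed"


def simulate():
    """Constructed scenario: a scanner fetches the link, then the user confirms."""
    subs = {"user@example.com"}
    args = ("besadmin-announcements", "user@example.com")
    tok = make_token(*args)
    after_scan = handle_unsubscribe("GET", *args, tok, subs)[0], set(subs)
    after_post = handle_unsubscribe("POST", *args, tok, subs)[0], set(subs)
    return after_scan, after_post


if __name__ == "__main__":
    print(simulate())
```

This covers scanners that only fetch links; for one that also submits forms or clicks buttons, the extra step asked for above (such as a captcha) is still needed.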
We experienced this too and solved it. In our case, it was indeed the Microsoft 365 Defender Safe Links security feature that would evaluate the link on the backend, thus triggering the alert. Our solution was to exclude the following URLs from the Safe Links URL rewrite policy:
First of all an excellent 2022 to everyone!
Thanks for all the replies. I’ll take a look at what @rames said and give some feedback after implementing!