Re: [Mailman-Developers] Possible spam attack against MM lists
On Thu, 02 Sep 2004 14:30:19 +0900 Stephen J Turnbull stephen@xemacs.org wrote:
I use TMDA as a C/R system in front of all my lists and then remove all posting controls on the lists at the Mailman level. Given that the majority of list members never even try to post, this has been proven a particularly effective control.
Since the majority of spam uses faked addresses all around, except on the envelope, I can see why.
Yup.
I'm afraid you may be in for a nasty surprise in the near future (at least if you run open-subscribe lists, even with confirmation) as I've witnessed two recent incidents where the spammer subscribed to a members-only-post list, then spammed.
Given the ubiquity of Mailman it is only a matter of time. Turing tests are a bitch.
Since the confirmation for the subscription requires a valid address, the TMDA challenge would go there, too!
There's a minor detail of the envelope continuing to agree with the From: which can hurt there, but that's a detail.
-- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
participants (1)
-
J C Lawrence