Re: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit
On Thu, 27 Nov 2003 09:17:33 -0800 Chuq Von Rospach <chuqui@plaidworks.com> wrote:
On Nov 27, 2003, at 9:08 AM, Terri Oda wrote:
On Tue, Nov 25, 2003 at 11:07:39AM -0800, Chuq Von Rospach wrote:
Remember challenge/response? When everyone thought it was the solution to all of our problems? Took the spammers under six weeks to crack it once they decided to try. (answer: send spam as being "From:" you, "To:" you. Most C/R systems have the user's email address whitelisted. end of story.
Hehn, the first thing I did was to blacklist myself and every role address I had.
Or leave pipermail alone, and write a CGI that all archives exit through that does the filtering, which is IMHO, how you ought to do it.
+1
That way, you can authenticate via that CGI to a level of access, change the filtering on the fly, and leave the archives unedited (as I think they ought to be).
+1
-- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
participants (1)
-
J C Lawrence