[Bug 1082746] [NEW] Automated processes can swamp a list with web subscription requests.

Mark Sapiro mark at msapiro.net
Sat Nov 24 23:39:07 CET 2012


Public bug reported:

There are discussions of this in threads at
<http://mail.python.org/pipermail/mailman-users/2012-October/074213.html>,
<http://mail.python.org/pipermail/mailman-users/2012-October/074278.html> and
<http://mail.python.org/pipermail/mailman-users/2012-November/074412.html>.

The Mailman developers do not think there is any way to prevent this
other than disabling web subscribe entirely, as by definition,
subscription requests come from unauthenticated users.

However, an attempt will be made to mitigate this by making a site
option to include a dynamically generated hidden hash in the subscribe
form which will at least require an automated process to first GET and
parse the listinfo form immediately prior to POSTing it.

** Affects: mailman
     Importance: Medium
     Assignee: Mark Sapiro (msapiro)
         Status: In Progress

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1082746

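The hidden-hash mitigation described in the report, sketched as an added example (not code from the report or from Mailman): the listinfo page embeds a timestamped HMAC bound to the list and client address, and the subscribe handler rejects POSTs whose token is missing, altered, or stale. `SITE_SECRET`, `FORM_LIFETIME` and the function names are hypothetical.

```python
import hashlib
import hmac
import time

# Hypothetical site-wide values; these are not Mailman setting names.
SITE_SECRET = b"constructed-example-secret"
FORM_LIFETIME = 3600  # seconds a rendered form stays valid


def _mac(issued, listname, remote_addr):
    # NUL separators keep fields unambiguous (IPv6 addresses contain ':').
    msg = "\0".join((str(issued), listname, remote_addr)).encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def make_form_token(listname, remote_addr, now=None):
    """Hidden-field value emitted when the listinfo page is rendered (GET)."""
    issued = int(time.time() if now is None else now)
    return f"{issued}:{_mac(issued, listname, remote_addr)}"


def check_form_token(token, listname, remote_addr, now=None):
    """Return (ok, reason) for the token submitted with the subscribe POST."""
    now = int(time.time() if now is None else now)
    try:
        issued_str, mac = token.split(":", 1)
        issued = int(issued_str)
    except (AttributeError, ValueError):
        return False, "malformed"  # field absent or not "time:mac"
    expected = _mac(issued, listname, remote_addr)
    # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad-mac"  # forged, or issued for another list/client
    if issued > now:
        return False, "future"
    if now - issued > FORM_LIFETIME:
        return False, "expired"  # form was fetched too long ago
    return True, "ok"
```

As the report says, this only forces a GET and parse immediately before each POST; a process that does both still gets through.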