[Mailman-Developers] bugtraq submission warning: email address
harvesting exploit
J C Lawrence
claw at kanga.nu
Thu Nov 27 12:23:32 EST 2003
On Thu, 27 Nov 2003 09:17:33 -0800
Chuq Von Rospach <chuqui at plaidworks.com> wrote:
> On Nov 27, 2003, at 9:08 AM, Terri Oda wrote:
>> On Tue, Nov 25, 2003 at 11:07:39AM -0800, Chuq Von Rospach wrote:
> Remember challenge/response? When everyone thought it was the solution
> to all of our problems? Took the spammers under six weeks to crack it
> once they decided to try. (answer: send spam as being "From:" you,
> "To:" you. Most C/R systems have the user's email address
> whitelisted. end of story.
Hehn, the first thing I did was to blacklist myself and every role
address I had.
> Or leave pipermail alone, and write a CGI that all archives exit
> through that does the filtering, which is IMHO, how you ought to do
> it.
+1
> That way, you can authenticate via that CGI to a level of access,
> change the filtering on the fly, and leave the archives unedited (as I
> think they ought to be).
+1
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw at kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
More information about the Mailman-Developers
mailing list