[Mailman-Developers] Possible spam attack against MM lists
J C Lawrence
claw at kanga.nu
Thu Sep 2 07:37:41 CEST 2004
On Thu, 02 Sep 2004 14:30:19 +0900
Stephen J Turnbull <stephen at xemacs.org> wrote:
>> I use TMDA as a C/R system in front of all my lists and then remove
>> all posting controls on the lists at the Mailman level. Given that
>> the majority of list members never even try to post, this has been
>> proven a particularly effective control.
> Since the majority of spam uses faked addresses all around, except on
> the envelope, I can see why.
> I'm afraid you may be in for a nasty surprise in the near future (at
> least if you run open-subscribe lists, even with confirmation) as I've
> witnessed two recent incidents where the spammer subscribed to a
> members-only-post list, then spammed.
Given the ubiquity of Mailman it is only a matter of time. Turing tests
are a bitch.
> Since the confirmation for the subscription requires a valid address,
> the TMDA challenge would go there, too!
There's a minor detail of the envelope continuing to agree with the
From: which can hurt there, but that's a detail.
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw at kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
More information about the Mailman-Developers