[Mailman-Developers] spammers harvesting email'ids [was] UI for Mailman 3.0 update

Barry Warsaw barry at list.org
Mon Jun 7 20:28:22 CEST 2010

On Jun 05, 2010, at 04:21 PM, स्वक्ष wrote:

>On Fri, Jun 4, 2010 at 22:43, Mark Sapiro <mark at msapiro.net> wrote:
>> Ian Eiloart wrote:
>>>Well, maybe, but I've had to switch on approval for various lists because
>>>of subscribing spammers.
>> As Barry suggests, setting moderation of new members as the default can
>> also thwart the subscribing spammers.
>A smart spammer would hardly post to the mailing list --atleast on
>linux lists its asking to be moderated or kicked out, depending on the

At the very least, we want to make it has hard as possible for spammers to
spam people *through* a mailing list.

>I've checked out spammers who mass subscribe to the lists at Debian,
>Ubuntu, Fedora and RH, to access the email id's of all the subscribers
>(if this is set as available only to the list members). If the
>settings are "membership list is available only to the *-owner", the
>spammer can still subscribe, and lurk on the list to silently harvest
>the email id's of all the folks who post mails to any list they lurk
>on. The latter can be identified by checking their TLD when they sub
>to the list but if they use *-free-email-provider like a gmail or
>yahoo address to sub and lurk, its hard to tell.

We can try to make it more difficult to harvest email address from mailing
list archives and posts, but some of that is fairly difficult without
disrupting the usability of the mailing list.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20100607/93ee56a9/attachment.pgp>

More information about the Mailman-Developers mailing list