[Mailman-Developers] Mailing lists exploited
Mark Sapiro
mark at msapiro.net
Tue May 16 23:52:01 EDT 2017
On 05/16/2017 08:17 PM, Daniel Kahn Gillmor wrote:
>
> surely it's easy for an attacker to guess moderation-free sender
> addresses by a quick scan of the list archives as well.

Only if there are public archives.

I realized I am more or less immune from this attack for my several
production lists. The lists are all @example.org (obviously not the real
domain) and the list owner is listmanager at example.org which is a
forwarder to the real list admins and is not a member or authorized
poster of any of the lists.

It was set up this way because we have a number of such forwarders for
various functions and having a generic address for a function is a
convenience that avoids people mailing the wrong people when
responsibilities change, but a side benefit is the address exposed on
web pages can't post without moderation, plus one could add it to
discard_these_nonmembers and never see posts From: that address.

--
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
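
An added example, not part of the original message and not Mailman's own code: a check of whether any owner or moderator address of a list would be accepted as a poster, which is the condition the setup described above avoids. The dict layout, the sample lists and the function names are assumptions made for illustration; the keys borrow Mailman 2.1 setting names, and the hold_/reject_these_nonmembers filters are left out.

```python
import re

def sender_matches(addr, patterns):
    """Match like a Mailman 2.1 *_these_nonmembers filter: an entry
    starting with ^ is a regexp, anything else is a literal address."""
    for pat in patterns:
        if pat.startswith("^"):
            if re.match(pat, addr, re.IGNORECASE):
                return True
        elif pat.lower() == addr.lower():
            return True
    return False

def audit_owner_addresses(cfg):
    """Classify each owner/moderator address of one list by what happens
    to a post whose From: header carries that address."""
    members = {a.lower(): mod for a, mod in cfg["members"].items()}
    result = {}
    for addr in cfg["owner"] + cfg["moderator"]:
        key = addr.lower()
        if key in members:  # value is the member's moderation flag
            result[addr] = ("member-moderated" if members[key]
                            else "EXPOSED: unmoderated member")
        elif sender_matches(addr, cfg["accept_these_nonmembers"]):
            result[addr] = "EXPOSED: accept_these_nonmembers"
        elif sender_matches(addr, cfg["discard_these_nonmembers"]):
            result[addr] = "discarded"
        else:
            result[addr] = "generic nonmember action"
    return result

# Constructed sample data (hypothetical lists at example.org).
LISTS = {
    "staff": {"owner": ["listmanager@example.org"], "moderator": [],
              "members": {"alice@example.org": False},
              "accept_these_nonmembers": [],
              "discard_these_nonmembers": ["listmanager@example.org"]},
    "announce": {"owner": ["admin@example.org"],
                 "moderator": ["helper@example.org"],
                 "members": {"Admin@example.org": False},
                 "accept_these_nonmembers": [r"^.*@example\.org$"],
                 "discard_these_nonmembers": []},
}

def audit_all(lists=LISTS):
    return {name: audit_owner_addresses(cfg) for name, cfg in lists.items()}

if __name__ == "__main__":
    for name, verdicts in audit_all().items():
        for addr, verdict in verdicts.items():
            print(name, addr, verdict)
```
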