[Mailman-Users] Stopping Spam

Douglas McCarroll douglas at brightworks.com
Tue Nov 30 11:26:26 CET 2004

I'm a relative Mailman newby, but this is a big interest of mine. I've just set 
up a couple of lists, and here's what I've done to prevent the harvesting of 
list-user email addresses by spammers. Some may be excessive - I don't fully 
understand all the options - but when in doubt I take the cautious option.

1. Set anonymous_list to Yes.

2. Set first_strip_reply_to to Yes.

3. In new_member_options I've selected Conceal The Member's Address.

4. For private_roster I've selected List Admin Only.

5. Set obscure_addresses to Yes.

What have I missed?

It really surprises me that the vast majority of lists (including this one!) 
blithely send out posters' email addresses to all subscribers. Of course, having 
an anonymous list means that posters have to sign their emails, or no one knows 
who sent them.  :)


Brad Knowles wrote:

> At 5:47 PM +0000 2004-11-29, Gary Smith wrote:
>>  In one of the previous posts (Allow members to send e-mail to another 
>> list)
>>  it was mentioned that intelligent spammers could monitor the output of a
>>  list and then spoof one of the subscribed addresses.
>     Indeed, this is a risk.
>>  I dont know much about emails, but how is this possible that they can
>>  monitor the output?
>     They subscribe to the list.  They see all the addresses come across 
> that a regular user would see, then pick one that they want to spoof.
>>                       It is possible to stop it easily?
>     Nope.  If all posters were required to use PGP-signed messages, and 
> you had PGP integrated into Mailman so as to reject all messages which 
> were not correctly PGP-signed, that might work.  Of course, anyone who 
> wanted to join the list and post would need to upload their key to the 
> PGP keyring on the mailing list server.

More information about the Mailman-Users mailing list