[Mailman-Users] what gives?

Chuq Von Rospach chuqui at plaidworks.com
Thu Feb 17 17:29:57 CET 2005

>> The fact that at least 4 people from this list have already responded
>> that they too have gotten that same mailman confirm email from that
>> domain/list at about the time, as they recall, that they first
>> subscribed here and made their first post leaves no doubt at this 
>> point
>> that there is a connection.

> OK...that's easy enough, and doesn't require compromising anything.  
> It just
> requires subscribing an innocuous address to the list(s), and keeping 
> track
> of posted message senders.

Yup. The secret nightmare of any list admin -- that someone harvests a 
list by subscribing to it and then processing the postings.

In fact -- I believe I found the address. It has been removed, and the 
site banned from resubscribing. I tend to think this wasn't an 
intentional harvesting, actually, but it doesn't matter. My guess is 
their admin subscribed ot the list when they were setting up the site, 
and when they went production with their spam, set things up to that 
all incoming mail got forwarded to their spam lists. An intentional 
harvesting wouldn't be so easy to find.

But I think it's fixed, and I'm glad folks kept harping on this to make 
us go look for it. This kind of list harvest is something I've worried 
about for years, because it's basically impossible to find if they set 
it up right. Here's hoping I'm right and it was by accident.

More information about the Mailman-Users mailing list