[Mailman-Users] How do the spammers do it?

[Brad Knowles]

At 12:12 PM -0600 2005-05-14, Mike Avery wrote:

>  This has happened several times - I create a new list for a local
>  group.  I add the users to it myself.  I make the list public in the
>  Mailman/listinfo web page.  And within 2 weeks, the list starts getting
>  spammed.
>
>  How do they get the list name?

	Spammers also run their own spiders looking for anything remotely 
like an e-mail address, and I'm sure they have some that look for 
anything that looks like a mailing list.

	A friend of mine wrote a package called wpoison to try to "catch" 
these spiders and to generate tons of bogus e-mail addresses which 
the spammers might then try to use, thus exposing both the IP address 
of the spider which collected that address and the IP address of the 
e-mail server from which the spam was coming from.

	Problem is, when spammers use a botnet of a million machines, it 
doesn't really hurt them to have a few of these machines exposed.

>                                  Is there any way to hide it better?

	You could make the lists private, but they could still be exposed 
in other ways.

>  I've been lucky that none of the spam has actually made it to my lists,
>  but it's annoying to have to wade through the blocked messages to
>  separate the wheat from the chaff.

	There are some things you can do on the MTA to reduce the amount 
of spam that is let through, but ultimately there's not really 
anything you can do to stop someone who is determined to get through.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.