[Mailman-Users] mailman and email harvesters

Mark Sapiro msapiro at value.net
Fri Mar 31 21:05:40 CEST 2006

Matthew Clarkson wrote:

>We have switched half (about 15 so far) of our mailing lists from our 
>majordomo server (with a hypermail based archiving system)  to our new 
>mailman server.  I have just been notified by my boss that since the 
>start of the switchover (3 weeks ago) he and a few other people have had 
>a dramatic increase in spam based activity on their email accounts.

Have they posted, or are they just members?

>checked to make sure my robots.txt on the webserver root was fine with 
>the following entries
>User-agent: *
>Disallow: /pipermail/

Do you really think any spambot is going to honor a robots.txt file?

If you have public archives, at a minimum you need


This is the default, but have you turned it off in mm_cfg.py? I'm not
sure how effective the obfuscation is, but it's probably better than
'in the clear' addresses.

>Also, I verified that all my lists private_roster settings were set to 
>List members.
>Can anyone else think of, if it is mailman that is the culprit here, any 
>settings or ways that email harvesters could grab email addresses from a 
>mailman server?

Can a spammer subscribe to your list and get the roster and then
unsubscribe? I don't know if spammers are sophisticated enough to do
this automatically, and I doubt they do it manually, but it is a
possibility unless subscription requires approval or the roster is
limited to admins.

Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list