[Mailman-Users] Preventing spam to list owners
brad at shub-internet.org
Mon Oct 1 05:29:07 CEST 2007
On 9/30/07, Robert Braver wrote:
> Wholesale bouncing of list mail to non-subscribers is totally
> unacceptable due to the amount of outscatter this will cause. (see
> http://en.wikipedia.org/wiki/Backscatter#Backscatter_of_email_spam )
Mailman is pretty resistant to generating backscatter. Yes, if
configured to do so, it will generate it. But it keeps track of how
often it has responded to a given address in a given period of time,
and won't respond more than a set number of times in a day to a given
address. This effectively limits the ability to abuse Mailman as a
backscatter amplifier for a DDoS attack.
However, in some cases, even just a single instance of backscatter
can get you put on a blacklist. So, you've got to weigh the relative
evils of not responding at all to a potential legitimate message from
a real human being, or generating potential backscatter.
> It only took one list member from one of the smaller lists (which is
> private and not listed anywhere) who had their address book
> harvested by a trojan to cause about 50 spam emails a day to that
> list alone on an ongoing basis... so hiding the list addresses
> doesn't guarantee that they won't eventually leak out and get on the
> spam lists.
Security through obscurity never works. Ultimately, you always get
found out. Usually, that ends up happening sooner rather than later.
However, keeping lists private as part of a larger security scheme
can be effective -- just make sure that keeping the list private
isn't your only method of security.
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
More information about the Mailman-Users