[Mailman-Users] bots subscribing to lists via web forms to avoidmember-only restrictions

Mark Sapiro mark at msapiro.net
Sun Jan 6 22:02:19 CET 2008

Matt Domsch wrote:

>Several times this week I've received spam to my lists which are set
>to allow postings only by list members.  Upon review, something
>(either bot or human, but I'm betting bot as they hit many lists at
>once) subscribed the spam sender email to the lists via the web form,
>sent the spam, then unsubscribed themselves.

What is subscribe_policy for these lists?

>The actual spam message was declared clean by both SpamAssassin and
>IronPort, so the filtering ahead of MM is quite helpful, but not perfect.
>Are there plans to enhance the web subscription form with a type of
>captcha, or other technique to discourage bots?

There is no current plan.

>Anyone else hit by this practice much?

I've never seen it on lists with subscribe_policy of either Confirm or
Approve. I don't allow open subscribe.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list