[Mailman-Users] Spam backscatter: Which aliases to remove

Mark Sapiro mark at msapiro.net
Tue Mar 18 02:53:53 CET 2008 

Kenneth Porter wrote:

>I want to remove aliases from my mailman installation to avoid spam 
>backscatter. Which aliases do I absolutely need?
>
>Here's a list from mm-handler:
>
>@ValidActions = qw(admin bounces confirm join leave
>                   owner request subscribe unsubscribe);


You do not "absolutely" need any of these in the sense that you can
post to a list and receive posts without them. However most are
"useful"

You do not need 'admin'. It is a deprecated address from 2.0.x and is a
synonym for bounces.

'bounces' and 'owner' do not backscatter and without them, there will
be no automated bounce processing and some owner notifications from
Mailman won't be deliverable, so I wouldn't remove those.

Email messages from Mailman requesting confirmation for various things
are sent from the -request address with subject "confirm xxxxxx" or
from the -confirm address with a suffix of +xxxxxx (where xxxxxx is
the confirmation token) so that various confirmation request emails
can just be replied to. If you don't change all the templates for
these messages to remove the "reply to this email" part, you need
these addresses. Also, the -request address is mentioned in the RFC
2369 List-Unsubscribe, List-Help and List-Subscribe headers.

'join' and 'leave' are synonyms for 'subscribe' and 'unsubscribe'. Jo
Rhett would say you don't need any of these because nearly everyone
uses the web. He might also say you don't need/want 'request' and
'confirm'.
I wouldn't go that far. This is controversial stuff. There's no one
size fits all answer.

Also consider that Jo Rhett's original proposal was to not create
aliases. This is different from the mm-handler approach.

If an alias is missing, the mail for that address will be rejected at
SMTP time. This is good for spam. It is also OK for a legitimate mail
because the sender knows it wasn't delivered.

In the mm-handler case, mail for these addresses is silently discarded.
This is also OK for spam, but not so good for legitimate mail.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list