[Mailman-Users] Major problems with privacy and mailman lists and harvesters

Steve Murphy murf at digium.com
Tue May 27 00:30:24 CEST 2008

----- "Jim Popovitch" wrote: 
> On Fri, May 23, 2008 at 1:03 PM, Steve Murphy <murf at digium.com> wrote: 
> > Within MINUTES of my first posting on asterisk-users, I was getting spam 
> > on an email address that was brand-new. 
> How do you know that it was your archived post that the spammers 
> picked up on? It is also possible that the harvester is an address 
> subscribed to asterisk-users. 

I have not yet had the time to invest to scientifically prove that the spammers 
got my address from gleaning the list or archives. But it might be fun to do. 
Get an account at spamgourmet, or equiv. Sign up to a series of lists, having all list 
submissions go to unique-to-list throw-away addrs. Post a few messages, 
and then close down the mailman account, after the messages go out. 
Watch the throw-away accounts, and see if they get spammed. I **have** 
verified that the w3.org mailing list is responsible for one throw-way 
getting spammed. (and big-time, at that!) 

> IMHO, obfuscating the archives achieves little effect other than a 
> false sense of hope. The fact is spammers don't want stale archived 
> email addresses, they want fresh active (i.e. poster's) addresses. 
> Welcome to 2008, ;-) 

I totally agree. We need to filter out *all* addresses from the outgoing messages, 
to protect folks who like to include their email in message trailers and sigs, or 
who quote other emails from other users, and get them spammed, also. 
Obfuscation can/will be overcome and is not a solution. 

> -Jim P. 

Steve Murphy 
Software Developer 

More information about the Mailman-Users mailing list