[Mailman-Users] Harvesting of email addresses for spam from archives

David Beaumont david at johmar.com
Mon Sep 8 14:25:31 CEST 2008

We have had a lot of spams sent directly to our list members (i.e. not sent
via mailman).  All of them have subject headings taken from list emails
already sent out genuinely via mailman.  Almost all have our specific list
prefix (but interesting not every one).

Has anyone else had this recently (started 3rd Sept approx and the spammers
listed from address has 'kiev' in it)?

I can only think of 2 ways this has happened

1) Our public archives have been harvested by a spammer.  This would account
for the subject headings being used.  Email addresses are displayed in the
archives as, literally, 'name at domain.com' which is not immediately
harvestable but wouldn't take much code to convert ' at ' to '@'. How do we
make this more secure? I notice this list's archives are not standard
mailman format!

2) One of our members PCs has been attacked and the subjects and email
addresses taken from there.  All our emails are delivered with the reply to
address being the list but the originators email showing.  This would
account for a small number of the spams not having our list prefix in the
subject heading (they would not have the prefix if stored in the sent box of
the person that created the genuine message).  However I would expect at
least some members to report spam with entirely non list subjects from the
same spammer.   

More information about the Mailman-Users mailing list