[Mailman-Users] non-subscriber managed to post to a subscriberonly list

[Brad Knowles]

on 1/26/09 4:49 PM, Grant Taylor said:

> I would be willing to bet that the spoofed member is really the source 
> of the message.  I would not be at all surprised if that members 
> computer has malware on it that sent the email (after harvesting it from 
> the address book) via the default email client and thus the list members 
> ISP.

That may be typical in some cases, but I assure you that it is not the 
case for when someone else tried to spoof my e-mail address in posting 
their spam to this mailing list.

> I think it would be worth asking the member to send an email to you (or 
> reply to a request) and compare the headers.  If the headers are almost 
> identical, I'd ask them to run a virus and malware scanner on their 
> computer.  I'd ask even stronger if all the spam messages that came in 
> came from that same system.

Even if they were infected with malware, those programs could easily use 
a different outbound route than the normal mail sent by that person. 
So, such a test might turn up something interesting, but then again it 
doesn't prove anything if it doesn't.

Don't depend too much on such tests.

-- 
Brad Knowles
<brad at shub-internet.org>        If you like Jazz/R&B guitar, check out
LinkedIn Profile:                 my friend bigsbytracks on YouTube at
<http://tinyurl.com/y8kpxu>    http://preview.tinyurl.com/bigsbytracks