[Mailman-Users] list subscription spammers

Mark Sapiro mark at msapiro.net
Sun Aug 30 02:24:07 CEST 2015

On 08/25/2015 10:12 AM, Will Yardley wrote:
> I'm seeing massive numbers of subscription lists to various lists we
> host (including multiple requests to the same list).
> These are submitted via a distributed network of hosts, presumably
> botnet victims / open proxies.
> The requests are from
> foo+[0-9]{9}@gmail.com

We have seen a huge rash of these on the python.org lists. Even with a
small percentage succeeded and that was still a lot.

Because of this, the head of the 2.1 branch at
<https://launchpad.net/mailman/2.1/> now implements a GLOBAL_BAN_LIST
and on mail.python.org, that is set to

GLOBAL_BAN_LIST = ['^.*\+\d{3,}@']

to ban any address whose local part ends with a '+' followed by 3 or
more digits. Before doing this I checked and there was only one member
of one list out of all the python.org list subscribers that had a local
part ending with '+' and digits and it only had one digit between the
'+' and '@'.

The attempts keep coming though.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list