[Mailman-Users] list subscription spammers
Mark Sapiro
mark at msapiro.net
Sun Aug 30 02:24:07 CEST 2015
On 08/25/2015 10:12 AM, Will Yardley wrote:
> I'm seeing massive numbers of subscription lists to various lists we
> host (including multiple requests to the same list).
>
> These are submitted via a distributed network of hosts, presumably
> botnet victims / open proxies.
>
> The requests are from
> foo+[0-9]{9}@gmail.com

We have seen a huge rash of these on the python.org lists. Even with a
SUBSCRIBE_FORM_SECRET set and SUBSCRIBE_FORM_MIN_TIME = seconds(8) a
small percentage succeeded and that was still a lot.

Because of this, the head of the 2.1 branch at
<https://launchpad.net/mailman/2.1/> now implements a GLOBAL_BAN_LIST
and on mail.python.org, that is set to

GLOBAL_BAN_LIST = ['^.*\+\d{3,}@']

to ban any address whose local part ends with a '+' followed by 3 or
more digits. Before doing this I checked and there was only one member
of one list out of all the python.org list subscribers that had a local
part ending with '+' and digits and it only had one digit between the
'+' and '@'.

The attempts keep coming though.

--
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
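
The pre-deployment check described in the message above, as an added example that is not part of the original post and is not Mailman code: it runs the quoted GLOBAL_BAN_LIST pattern over a subscriber list to find existing members the ban would block, then over sample subscription requests. The names `is_banned` and `audit`, the sample addresses, and the matching rule (entries starting with `^` treated as case-insensitive regexes, others as literal addresses, following the Mailman 2.1 ban_list convention) are assumptions.

```python
import re
from collections import Counter

# Pattern quoted in the post (the value set on mail.python.org).
GLOBAL_BAN_LIST = [r'^.*\+\d{3,}@']

# Looser probe for the audit: any local part ending in '+' and digits.
PLUS_DIGITS = re.compile(r'\+(\d+)@')


def is_banned(address, ban_list=GLOBAL_BAN_LIST):
    """Assumed matching rule, following Mailman 2.1's ban_list convention:
    entries starting with '^' are regexes (case-insensitive search),
    anything else is a literal address compared case-insensitively."""
    for entry in ban_list:
        if entry.startswith('^'):
            if re.search(entry, address, re.IGNORECASE):
                return True
        elif entry.lower() == address.lower():
            return True
    return False


def audit(members, ban_list=GLOBAL_BAN_LIST):
    """Return (members the ban would hit, histogram of digit-suffix lengths)."""
    hits = [m for m in members if is_banned(m, ban_list)]
    lengths = Counter()
    for m in members:
        found = PLUS_DIGITS.search(m)
        if found:
            lengths[len(found.group(1))] += 1
    return hits, lengths


# Constructed sample data, not real subscribers.
MEMBERS = ['alice@example.org', 'bob+lists@example.org',
           'carol+7@example.net', 'dave.2015@example.com']
REQUESTS = ['foo+123456789@gmail.com', 'foo+987654321@gmail.com',
            'erin+42@example.org', 'frank@example.com']

if __name__ == '__main__':
    hits, lengths = audit(MEMBERS)
    print('existing members the ban would block:', hits)
    print('digit-suffix lengths among members:', dict(lengths))
    for addr in REQUESTS:
        print('%-28s %s' % (addr, 'BANNED' if is_banned(addr) else 'ok'))
```

The histogram is what informs the threshold: a member with a single digit after the '+' stays clear of a `{3,}` pattern, which is the situation the message reports for the python.org lists.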