[Mailman-Users] How to deal with these spam submissions?

Mark Sapiro mark at msapiro.net
Mon Jan 5 23:09:27 CET 2015

On 01/05/2015 10:35 AM, Tracey McCartney wrote:
> I run a list at fair_housing@(my domain here). 
> Over the last few days, I've received some spammy non-member submissions
> from these e-mail addresses:
> fair_housingbnqq at maxcom.net.mx
> fair_housinghjhn at woohoo.ro
> fair_housingrjs at fourlads.com
> fair_housingrprs at pepempilhadeiras.com.br
> <mailto:fair_housingrprs at pepempilhadeiras.com.br> 
> So clearly these aren't totally random - they have bot-generated addresses
> based on the address of my list.  I would like to add these and e-mail
> addresses like them to my sender filter to be discarded upon receipt.

If these are subscription requests, adding something to Sender filters
won't help. You want Privacy options... -> Subscription rules ->
ban_list to prevent addresses from subscribing. A regex like


or more simply just


will prevent any email address beginning with 'fair_housing' from
subscribing to the list. You could also add the same regexp to Privacy
options... -> Sender filters -> discard_these_nonmembers to prevent such
addresses from posting if your list otherwise accepts non-member posts.

Also, if these are bots requesting subscription via the web and your
Mailman version is >= 2.1.16 and you have access, see the section about
SUBSCRIBE_FORM_SECRET in Defaults.py for information on a mitigation for
this attack. To use it, you would set

SUBSCRIBE_FORM_SECRET = 'some string of your choice'

in mm_cfg.py.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list