[Mailman-Users] Subscription Form Spam -- It continues . . .

Rich Kulawiec rsk at gsp.org
Wed Oct 7 17:15:42 CEST 2015

On Wed, Oct 07, 2015 at 09:16:32AM -0400, brian at emwd.com wrote:
> I have seen another type of subscription form spam pop-up on our
> servers. It is particularly affecting one client that has 80 mailman
> lists and they wish to keep their lists publicly advertised. We keep
> seeing dozens of subscription spam coming in from gmail addresses
> PER MINUTE with the following format:

There are multiple approaches to this:

1.  Look at the logs.  Find out where the subscriptions are coming from,
and firewall out the appropriate network(s) or countries.  (See ipdeny.com
for country IP ranges.)


2. If you only expect to receive subscriptions from one or a few countries,
then firewall out the entire world and only allow connections from that
small set.


3. Use the Spamhaus DROP and EDROP lists in your firewall and drop
*all* inbound traffic from and *all* outbound traffic to those ranges.
This achieves lossless compression.  (This should be done whether you
do 1 or 2 or neither.  It's basic network self-defense.)


4. Collect all the forged subscriptions and have a chat with the email
people at Gmail.  It's possible that they can do something about this
on their side.  I can put you in touch with someone if need be.


More information about the Mailman-Users mailing list