[Mailman-Users] Which user is harvesting sender emails?
mailmanu-20150316 at billmail.scconsult.com
Fri Aug 19 10:21:10 EDT 2016
On 18 Aug 2016, at 19:36, Mark Sapiro wrote:
> Altering the From: based on recipient can be done by modifying the
> Say you have a message "From: Ann User <ann at example.com>" and you want
> to change that to "From: Ann User <ann+xxx at example.com>" where xxx is
> unique code for each recipient.
Please, don't anyone do that, ever. It's not just "risky," as noted in
earlier discussion, it would be positively abusive.
A less obvious approach would be to add an address IN A DOMAIN YOU
CONTROL in a X-[something] header (or perhaps a Cc header) that is
unique to each recipient so that when you get mail to that address,
you've identified your problem user.
HOWEVER, there is an angle to this problem that should be understood:
it's probably not being done by a human subscriber. One possibility is
that a subscriber has malware on their machine that is generating the
spam, so when you identify a subscriber who is your vector, you may only
be identifying someone which an insecure machine. Another possibility
(which would be untraceable and easy to automate on the spammer side) is
that someone other than a subscriber is harvesting addresses and
subjects from your web archive at mail-archive.com, where every message
has a button to "Reply via email" that kicks back a redirection to a
mailto: URL with the sender's address and Subject.
More information about the Mailman-Users