[Mailman-Users] Which user is harvesting sender emails?

Bill Cole mailmanu-20150316 at billmail.scconsult.com
Fri Aug 19 10:21:10 EDT 2016

On 18 Aug 2016, at 19:36, Mark Sapiro wrote:

> Altering the From: based on recipient can be done by modifying the code.
> Say you have a message "From: Ann User <ann at example.com>" and you want
> to change that to "From: Ann User <ann+xxx at example.com>" where xxx is a
> unique code for each recipient.

Please, don't anyone do that, ever. It's not just "risky," as noted in 
earlier discussion, it would be positively abusive.

A less obvious approach would be to add an address IN A DOMAIN YOU 
CONTROL in an X-[something] header (or perhaps a Cc header) that is 
unique to each recipient so that when you get mail to that address, 
you've identified your problem user.

HOWEVER, there is an angle to this problem that should be understood: 
it's probably not being done by a human subscriber. One possibility is 
that a subscriber has malware on their machine that is generating the 
spam, so when you identify a subscriber who is your vector, you may only 
be identifying someone with an insecure machine. Another possibility 
(which would be untraceable and easy to automate on the spammer side) is 
that someone other than a subscriber is harvesting addresses and 
subjects from your web archive at mail-archive.com, where every message 
has a button to "Reply via email" that kicks back a redirection to a 
mailto: URL with the sender's address and Subject.
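
Added example, not part of the original post and not Mailman code: a sketch of the per-recipient trap address in an X- header described above, with the From: header left untouched. The secret, the domain `trap.example.net`, the header name `X-List-Trace` and the subscriber list are all assumptions made up for the illustration.

```python
import copy
import hashlib
import hmac
from email.message import EmailMessage

SECRET = b"constructed-demo-key"   # assumption: secret known only to the list server
TRAP_DOMAIN = "trap.example.net"   # assumption: stands in for a domain you control
TRACE_HEADER = "X-List-Trace"      # hypothetical name for the X-[something] header

def trap_address(recipient):
    """Derive a stable, unguessable trap address for one subscriber."""
    key = recipient.strip().lower().encode()
    tag = hmac.new(SECRET, key, hashlib.sha256).hexdigest()[:16]
    return f"t-{tag}@{TRAP_DOMAIN}"

def personalize(msg, recipient):
    """Copy the message for one recipient and add the trace header.
    From:, To: and the body stay exactly as the poster sent them."""
    out = copy.deepcopy(msg)
    del out[TRACE_HEADER]          # drop any value a poster supplied
    out[TRACE_HEADER] = trap_address(recipient)
    return out

def identify(rcpt_to, subscribers):
    """Map mail arriving at a trap address back to a subscriber.
    Returns None when the address matches nobody (e.g. a guessed one)."""
    seen = rcpt_to.strip().lower()
    for sub in subscribers:
        if hmac.compare_digest(trap_address(sub), seen):
            return sub
    return None

# Constructed sample data
SUBSCRIBERS = ["ann@example.com", "bob@example.org", "carol@example.net"]

def demo():
    post = EmailMessage()
    post["From"] = "Ann User <ann@example.com>"
    post["To"] = "list@lists.example.net"
    post["Subject"] = "Test post"
    post.set_content("Hello list\n")
    copies = {s: personalize(post, s) for s in SUBSCRIBERS}
    leaked = copies["bob@example.org"][TRACE_HEADER]  # address that later gets mail
    return copies, identify(leaked, SUBSCRIBERS)

if __name__ == "__main__":
    print(demo()[1])
```

Because the tag is an HMAC over the subscriber address, no lookup table has to be stored, and a trap address that matches no subscriber is rejected rather than attributed to someone.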

