[Mailman-Users] Which user is harvesting sender emails?

Richard Shetron guest2 at sgeinc.com
Fri Aug 19 14:36:27 EDT 2016

There is a LOT of broken software that will refuse RFC-compliant email 
addresses as they do not properly follow the standards.  The + sign has 
been in use and part of the RFCs for at least 30 years.  I've found 
that using the underscore '_' will work when the plus '+' sign does not, 
however your mileage will vary.

What is even worse, you can create a <user>+tag@<domain> but later on 
the same company's software in a different part of the website will then 
refuse to accept the tagged address, so even an initial acceptance can 
have problems elsewhere.

On 8/19/2016 10:21 AM, Bill Cole wrote:
> On 18 Aug 2016, at 19:36, Mark Sapiro wrote:
>> Altering the From: based on recipient can be done by modifying the code.
>> Say you have a message "From: Ann User <ann at example.com>" and you want
>> to change that to "From: Ann User <ann+xxx at example.com>" where xxx is a
>> unique code for each recipient.
> Please, don't anyone do that, ever. It's not just "risky," as noted in
> earlier discussion, it would be positively abusive.
> A less obvious approach would be to add an address IN A DOMAIN YOU
> CONTROL in an X-[something] header (or perhaps a Cc header) that is
> unique to each recipient so that when you get mail to that address,
> you've identified your problem user.
> HOWEVER, there is an angle to this problem that should be understood:
> it's probably not being done by a human subscriber. One possibility is
> that a subscriber has malware on their machine that is generating the
> spam, so when you identify a subscriber who is your vector, you may only
> be identifying someone with an insecure machine. Another possibility
> (which would be untraceable and easy to automate on the spammer side) is
> that someone other than a subscriber is harvesting addresses and
> subjects from your web archive at mail-archive.com, where every message
> has a button to "Reply via email" that kicks back a redirection to a
> mailto: URL with the sender's address and Subject.
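
An added example, not part of the original thread and not Mailman code: one way to build the per-recipient trace address Bill Cole describes, leaving From: untouched. The header name `X-List-Trace`, the domain `trace.example.org` and the key are assumptions made for illustration. A hit identifies which delivered copy leaked, not necessarily a human subscriber, and it sees nothing of harvesting from a public archive.

```python
import copy
import hashlib
import hmac
from email.message import EmailMessage

SECRET = b"constructed-demo-key"      # assumption: secret held only by the list admin
TRACE_DOMAIN = "trace.example.org"    # assumption: a domain the list operator controls
HEADER = "X-List-Trace"               # hypothetical header name

def tag_for(recipient: str) -> str:
    """Keyed tag: recipients cannot compute or guess each other's tags."""
    norm = recipient.strip().lower().encode()
    return hmac.new(SECRET, norm, hashlib.sha256).hexdigest()[:16]

def trace_address(recipient: str) -> str:
    return f"t-{tag_for(recipient)}@{TRACE_DOMAIN}"

def personalize(msg: EmailMessage, recipient: str) -> EmailMessage:
    """Return a per-recipient copy carrying the trace header; From: is not altered."""
    out = copy.deepcopy(msg)
    del out[HEADER]                   # drop any value a poster supplied
    out[HEADER] = trace_address(recipient)
    return out

def identify(hit_address: str, subscribers):
    """Map an address that received mail back to the subscriber whose copy held it."""
    local, _, domain = hit_address.strip().lower().partition("@")
    if domain != TRACE_DOMAIN or not local.startswith("t-"):
        return None
    tag = local[2:].encode()
    for sub in subscribers:
        if hmac.compare_digest(tag_for(sub).encode(), tag):
            return sub
    return None                       # forged or unknown tag

if __name__ == "__main__":
    subs = ["bob@example.net", "carol@example.org"]   # constructed sample roster
    post = EmailMessage()
    post["From"] = "Ann User <ann@example.com>"
    post["Subject"] = "test"
    post.set_content("hello list")
    for s in subs:
        print(s, "->", personalize(post, s)[HEADER])
    print(identify(trace_address("carol@example.org"), subs))
```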
