[Mailman-Users] Spam to "-request" address generating backscatter spam

Jim Popovitch jimpop at gmail.com
Thu Dec 22 16:53:49 EST 2016

On Tue, Dec 13, 2016 at 12:35 PM, Mark Sapiro <mark at msapiro.net> wrote:
> Steve has answered most of this. I just want to add a couple of things.
> With respect to web subscribes, several sites including python.org have
> seen mail bomb attacks via the web subscribe interface.
> These are subscribes via the web UI by distributed bots that are "smart"
> enough to GET the form  and delay tens of seconds before POSTing it. The
> most recent attacks have been multiple subscribes to multiple lists of
> some gmail.com address with various permutations of dots (ignored by
> gmail) interspersed in the local part. The most recent attack on
> mail.python.org subscribed addresses that matched
>   '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com

I know the GLOBAL_BAN_LIST is for email addrs, but what would it take
to implement the same (or some field validation logic) for the
"fullname" field of the subscription page.   I'm still seeing a ton of
subscribe spam attempts, and the fullname field is consistently not a
text name.

>From nginx log:

...sales at apexgolfcarts.com&fullname=58562fbb70e22...
...ellenv3 at hotmail.com&fullname=5856315b5b695...
...scottpickup2000 at gmail.com&fullname=5856372a4e2f1...
...vanessae at live.com&fullname=58563aa6664bf...
...meagan at meaganlucyphoto.con&fullname=58563ab925ac7...
...saramardambey at gmail.com&fullname=58564566dc31b...
...dotthomas717 at yahoo.com&fullname=5856456df0b96...
...scottpickup2000 at gmail.com&fullname=58564b85ccf98...

-Jim P.

More information about the Mailman-Users mailing list