[Mailman-Users] Handling bogus subscribe requests

Mark Sapiro mark at msapiro.net
Tue Jan 12 12:54:06 EST 2016

On 01/12/2016 01:18 AM, Andrew Daviel wrote:
> In the last few days we've seen several thousand bogus subscription
> requests for various lists we host, sent through the web interface. They
> seem to mostly originate in China.
> We see log entries such as /var/log/mailman/subscribe
> Jan 11 20:50:30 2016 (27666) grsi-users: pending
> hellocatboots+80339132 at gmail.com
> and in the webserver logs
> - - [10/Jan/2016:03:27:18 -0800] "POST
> /mailman/subscribe/grsi-users HTTP/1.1" 200
> I'm not sure what the point is - a DoS attack on a few users, perhaps. I
> see that gmail gives you infinite aliases, so that
> hellocatboots+80339132 is the same as hellocatboots+96529823 at gmail.com

There are threads on this in the archives of this list. See threads
containing the posts
and perhaps the thread starting at

For the @python.org lists, we use the regexp '^.*\+.*\d{3,}@' in the
newly implemented, not yet released GLOBAL_BAN_LIST to ban all addresses
with a '+' followed by anything followed by at least 3 digits up to the '@'.

for more on that.

It's been effective so far.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
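
The following is an added example, not part of the original post or of Mailman's code: it applies the regexp quoted above to "pending" lines shaped like the subscribe log entry in the question and counts requests per base mailbox. The log lines, addresses and function names are constructed for illustration, and the line format is assumed from the single entry quoted in the thread.

```python
import re
from collections import Counter

# Regexp quoted in the post: a '+', anything, then 3 or more digits up to '@'.
BAN_RE = re.compile(r'^.*\+.*\d{3,}@')
# Shape of a "pending" entry, assumed from the log line quoted in the thread.
PENDING_RE = re.compile(r'\(\d+\) (?P<list>[^:\s]+): pending (?P<addr>\S+@\S+)')

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
Jan 11 20:50:30 2016 (27666) grsi-users: pending flood+80339132@example.com
Jan 11 20:50:41 2016 (27666) grsi-users: pending flood+96529823@example.com
Jan 11 20:51:02 2016 (27666) other-list: pending flood+11223344@example.com
Jan 11 20:52:10 2016 (27666) grsi-users: pending alice@example.org
Jan 11 20:53:45 2016 (27666) grsi-users: pending bob+lists@example.net
Jan 11 20:54:00 2016 (27666) grsi-users: pending carol+2016@example.net
Jan 11 20:55:00 2016 (27666) grsi-users: new dave@example.org
""".splitlines()

def is_banned(addr):
    """True if the address matches the ban regexp."""
    return BAN_RE.search(addr) is not None

def base_address(addr):
    """Drop the '+tag' from the local part so aliases of one mailbox group together."""
    local, _, domain = addr.rpartition('@')
    return (local.split('+', 1)[0] + '@' + domain).lower()

def analyse(lines):
    """Return (addresses the regexp would ban, pending count per base mailbox)."""
    banned, per_base = [], Counter()
    for line in lines:
        m = PENDING_RE.search(line)
        if not m:
            continue  # not a pending subscription entry
        addr = m.group('addr')
        per_base[base_address(addr)] += 1
        if is_banned(addr):
            banned.append(addr)
    return banned, per_base

if __name__ == '__main__':
    banned, per_base = analyse(SAMPLE_LOG)
    for addr in banned:
        print('would ban:', addr)
    for base, n in per_base.most_common():
        if n > 1:
            print('repeated base mailbox:', base, n)
```

Note that a short numeric tag such as the constructed `carol+2016@example.net` also matches, while `bob+lists@example.net` does not, so reviewing the would-ban list before deploying the pattern shows which legitimate subscribers it would affect.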
