[Mailman-Users] Distributed mass subscribe attack?

Phil Stracchino phils at caerllewys.net
Fri Aug 18 13:07:29 EDT 2017

On 08/18/17 12:25, tlhackque via Mailman-Users wrote:
> On 17-Aug-17 16:47, Andy Cravens wrote:
>> David,
>> I forgot to mention I’m also working on a modsecurity rule to look at all POSTs
>> and reject if they contain an email address with a + sign.
> I understand the drive to suppress an attack.  However, + is valid in
> e-mail addresses.  It's frequently used by people to set up auto-filing
> rules, and/or to track the source of addresses harvested for SPAM.
> I strongly discourage any service provider from defining what formats of
> e-mail addresses are acceptable.  Such definitions, however
> well-intentioned, are almost always wrong - and effectively blindly deny
> service.

I second this.  It is a legitimate part of compliant email addresses, no
matter how many web stores seem to believe otherwise (or are merely
unaware of it).

> If an address is valid per RFC822 (2822,5322, ...), accept it.
> No matter what you do, the spammers will adapt, eventually.  But unless
> you're a particularly appealing target, they're likely to move on if you
> do almost anything unusual.

One of your best first lines of defense is not being the low-hanging fruit.
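The thread's point is that "+" is ordinary RFC 5322 atext, so a filter that rejects any POSTed address containing it denies service to legitimate subscribers. The example below is added by the editor and is not code from this thread, from Mailman, or from modsecurity; it validates a dot-atom local part exactly as the RFC's atext set allows (including "+") and, instead of rejecting plus-addresses, folds the "+tag" suffix into a canonical key so that a burst of subscribe requests for one mailbox can be throttled. The canonical-key heuristic, the sliding-window limiter, the simplified domain grammar (hostname labels only, no quoted local parts or IP literals) and the sample request burst are all assumptions constructed for this example.

```python
import re
import time
from collections import defaultdict, deque
from typing import Optional

# RFC 5322 section 3.2.3 atext: "+" is one of the permitted characters, so
# user+list@example.com is a fully compliant address.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
# Domain part: DNS hostname labels only. Quoted local parts and IP-literal
# domains from the RFC are left out (assumption made for this example).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN = rf"{LABEL}(?:\.{LABEL})+"
ADDR_RE = re.compile(rf"^(?P<local>{DOT_ATOM})@(?P<domain>{DOMAIN})$")


def is_valid_address(addr: str) -> bool:
    """True if addr is <dot-atom local part>@<hostname>, per RFC 5322."""
    return ADDR_RE.match(addr) is not None


def canonical_address(addr: str) -> Optional[str]:
    """Key used for rate limiting (heuristic, not a validity rule): drop a
    '+tag' suffix from the local part and lowercase both parts. The original
    address is still the one that would be subscribed."""
    m = ADDR_RE.match(addr)
    if m is None:
        return None
    local = m.group("local")
    base = local.split("+", 1)[0]
    # A local part that starts with '+' has nothing before the separator;
    # keep it whole rather than producing an empty key.
    if not base:
        base = local
    return f"{base.lower()}@{m.group('domain').lower()}"


class SubscribeRateLimiter:
    """Sliding-window limiter: at most `limit` subscribe requests per
    canonical address within `window` seconds. Invalid addresses are
    rejected outright; valid ones are throttled, never denied for syntax."""

    def __init__(self, limit: int = 3, window: float = 3600.0):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # canonical key -> request timestamps

    def check(self, addr: str, now: Optional[float] = None) -> str:
        """Return 'invalid', 'allow' or 'throttle' for one subscribe request."""
        key = canonical_address(addr)
        if key is None:
            return "invalid"
        now = time.monotonic() if now is None else now
        q = self._hits[key]
        while q and now - q[0] > self.window:  # expire old hits
            q.popleft()
        if len(q) >= self.limit:
            return "throttle"
        q.append(now)
        return "allow"


def demo() -> dict:
    """Constructed burst: many plus-tagged variants of one mailbox plus one
    unrelated subscriber, all arriving within a minute."""
    limiter = SubscribeRateLimiter(limit=3, window=60.0)
    requests = [(f"victim+{i}@example.net", float(i)) for i in range(6)]
    requests.append(("alice.smith@example.org", 7.0))
    counts = {"allow": 0, "throttle": 0, "invalid": 0}
    for addr, ts in requests:
        counts[limiter.check(addr, now=ts)] += 1
    return counts


if __name__ == "__main__":
    print(demo())  # expected: {'allow': 4, 'throttle': 3, 'invalid': 0}
```

The limiter keys on the canonical form, so the six `victim+N@example.net` variants count against one mailbox (three allowed, three throttled) while `alice.smith@example.org` is unaffected; a legitimate `user+list@example.com` still validates and subscribes normally.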