[Mailman-Users] Targeted attack against German universities using Mailman

Scott Neader scott at qth.com
Tue May 9 11:06:02 EDT 2017

> On May 9, 2017, at 8:17 AM, Sebastian Hagedorn <Hagedorn at uni-koeln.de> wrote:
> >
> > The bigger issue is that clearly the admin addresses of all lists were
> > scraped from the public listinfo pages. This means that the same thing
> > could happen again anytime. :-(

> On Tue, May 9, 2017 at 9:47 AM, Bryan Blackwell <bryan at skiblack.com> wrote:
> Some years ago I ran into this problem; we turned off all the "Advertise
> this list" options and instead refer to them from other general info pages
> for the group.  That cut down the spam to the lists, admins, and -owners
> addresses considerably.

Another option to help with the "listinfo admin email scraping" issue is to
enable Moderation on the admin email address(es) that are listed on the
public listinfo pages.  So, regular members can post freely, but if the
admin posts, he/she needs to approve their own post.

If the admin is a regular poster, he/she could create a forwarder of some
type, and only list the forwarder as the admin (and moderate it), then
subscribe to the list with their regular address and make that
unmoderated.  This way, they can post with their primary email address, but
also receive any administrative emails.

Hope this makes sense.

- Scott
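
One way to apply the moderation suggestion above to every owner address of a list, as an added example that is not part of the original post and not Mailman's own code. It assumes Mailman 2.1 and its `bin/withlist` runner; the module name `moderate_owners` and the `StubList` class are hypothetical, the stub being a constructed stand-in so the function also runs offline.

```python
# Added example for Mailman 2.1. Save as moderate_owners.py in Mailman's bin/ and run:
#   bin/withlist -l -r moderate_owners.moderate_owners LISTNAME
try:
    from Mailman import mm_cfg      # importable when run under bin/withlist
    MODERATE = mm_cfg.Moderate
except ImportError:
    MODERATE = 128                  # offline fallback; Mailman 2.1 defines Moderate = 128


def moderate_owners(mlist):
    """Turn on the per-member moderation flag for every owner address that
    is subscribed to the list, and report what was found."""
    report = {"advertised": bool(mlist.advertised),   # is the list publicly advertised?
              "newly_moderated": [],
              "already_moderated": [],
              "owners_not_subscribed": []}
    for addr in mlist.owner:
        if not mlist.isMember(addr):
            # The flag is per-member, so it cannot be set here; posts from
            # this address fall under the list's non-member rules instead.
            report["owners_not_subscribed"].append(addr)
        elif mlist.getMemberOption(addr, MODERATE):
            report["already_moderated"].append(addr)
        else:
            mlist.setMemberOption(addr, MODERATE, 1)
            report["newly_moderated"].append(addr)
    if report["newly_moderated"]:
        mlist.Save()                # withlist -l holds the lock; persist the change
    print(report)
    return report


class StubList(object):
    """Constructed stand-in for a Mailman MailList (hypothetical, offline use only)."""
    def __init__(self, owners, members, advertised=1):
        self.owner, self.advertised = owners, advertised
        self.flags = dict((m, 0) for m in members)
        self.saved = False
    def isMember(self, addr):
        return addr in self.flags
    def getMemberOption(self, addr, flag):
        return bool(self.flags[addr] & flag)
    def setMemberOption(self, addr, flag, value):
        cur = self.flags[addr]
        self.flags[addr] = (cur | flag) if value else (cur & ~flag)
    def Save(self):
        self.saved = True
```

Addresses reported under `owners_not_subscribed` are the case the forwarder arrangement above covers: the published owner address has to be handled separately from the address the admin actually posts with.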

