[Mailman-Users] How to blocking malicious subscription requests?
tlhackque at yahoo.com
Tue Sep 5 12:12:36 EDT 2017
On 05-Sep-17 10:55, Ian Kelling wrote:
> There is at least one very major mail provider where
> joe+any_string at domain goes to the inbox of joe by default, allowing bad
> people to get my mailman instance to send many subscription mails to
> joe+random_string at domain, messing up joe's inbox, because mailman just
> sees different addresses. Can mailman stop doing this? If not, I'm open
> to an exim rule to block or at least rate limit mailman from doing this
This is correct behavior by both the mail service provider and by mailman.
The way to address the anti-social behavior described is to implement a
will effectively rate-limit subscription requests by bad actors -
usually to close to zero.
This has been discussed recently on this list.
> Also, is there a way to rate limit subscription requests even for the
> exact same email address? For example, don't allow someone to subscribe
> to list b if they have > 5 unconfirmed subscription requests in the last
I don't think so, but others more expert may respond. If not, it seems
like a reasonable feature request for MM3. But a captcha will probably
have the effect that you want.
I use reCAPTCHA (now hosted by Google). It seems to stay ahead of the
most of the time. It's important to choose one that is accessible to
people with disabilities.
> Ian Kelling | Senior Systems Administrator, Free Software Foundation
> GPG Key: B125 F60B 7B28 7FF6 A2B7 DF8F 170A F0E2 9542 95DF
> https://fsf.org | https://gnu.org
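
The per-mailbox limit asked about in the quoted question, as an added example (not part of the original message, and not Mailman or exim code): plus-tagged addresses are collapsed to their base mailbox for counting only. The 24-hour window, the `+` separator, case-folding of the local part and all names here are assumptions; the window in the quoted question is cut off.

```python
import time
from collections import defaultdict, deque

def canonical_mailbox(address, tag_sep="+"):
    """Collapse joe+anything@domain to joe@domain (used for counting only)."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {address!r}")
    # Assumption: the provider ignores everything after the first '+'
    # and treats the local part case-insensitively.
    base = local.split(tag_sep, 1)[0] or local   # keep a bare "+x" local part
    return f"{base.lower()}@{domain.lower()}"

class PendingSubscriptionLimiter:
    """Hold confirmation mail once a mailbox has > max_pending open requests."""
    def __init__(self, max_pending=5, window_seconds=24 * 3600, clock=time.time):
        self.max_pending = max_pending
        self.window = window_seconds          # assumed window length
        self.clock = clock
        self._pending = defaultdict(deque)    # mailbox -> (time, address, list)

    def _live(self, mailbox):
        q = self._pending[mailbox]
        cutoff = self.clock() - self.window
        while q and q[0][0] <= cutoff:        # drop requests older than window
            q.popleft()
        return q

    def request(self, address, listname):
        """True: send the confirmation mail. False: hold the request."""
        q = self._live(canonical_mailbox(address))
        if len(q) > self.max_pending:
            return False
        q.append((self.clock(), address.lower(), listname))
        return True

    def confirm(self, address, listname):
        """A confirmed request no longer counts against the mailbox."""
        q = self._live(canonical_mailbox(address))
        for entry in list(q):
            if entry[1:] == (address.lower(), listname):
                q.remove(entry)
                return True
        return False

def demo():
    # Constructed input: eight differently tagged requests for one mailbox.
    now = [0.0]
    lim = PendingSubscriptionLimiter(clock=lambda: now[0])
    return [lim.request(f"joe+tag{i}@example.org", "list-b") for i in range(8)]
```

The tagged address is still what gets subscribed after confirmation; only the counter key is normalized, so legitimate use of plus-addressing keeps working.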