[Mailman-Users] How to blocking malicious subscription requests?

Grant Taylor gtaylor at tnetconsulting.net
Tue Sep 5 12:45:11 EDT 2017

On 09/05/2017 08:55 AM, Ian Kelling wrote:
> There is at least one very major mail provider where 
> joe+any_string at domain goes to the inbox of joe by default,

Is Mailman aware of user+detail?  Or does is it naively view the entire 
userpart as distinct?  Thus allowing as many many subscriptions using 
detail as possible?

I know of at least one very major mail provider (possibly the same one) 
that removes dots from the user part.  So the following addresses are 

u.s.e.r at example.net
user at example.net
us.er at example.net

The same type of thing could be exploited without user+detail.

Grant. . . .
unix || die

More information about the Mailman-Users mailing list