[Mailman-Users] How to blocking malicious subscription requests?
gtaylor at tnetconsulting.net
Tue Sep 5 12:45:11 EDT 2017
On 09/05/2017 08:55 AM, Ian Kelling wrote:
> There is at least one very major mail provider where
> joe+any_string at domain goes to the inbox of joe by default,
Is Mailman aware of user+detail? Or does is it naively view the entire
userpart as distinct? Thus allowing as many many subscriptions using
detail as possible?
I know of at least one very major mail provider (possibly the same one)
that removes dots from the user part. So the following addresses are
u.s.e.r at example.net
user at example.net
us.er at example.net
The same type of thing could be exploited without user+detail.
Grant. . . .
unix || die
More information about the Mailman-Users