[Mailman-Users] How to blocking malicious subscription requests?

Jay R. Ashworth jra at baylink.com
Tue Sep 5 13:22:30 EDT 2017

----- Original Message -----
> From: "Mark Sapiro" <mark at msapiro.net>

> On 09/05/2017 09:45 AM, Grant Taylor via Mailman-Users wrote:
>> Is Mailman aware of user+detail?  Or does it naively view the entire
>> userpart as distinct?  Thus allowing as many many subscriptions using
>> detail as possible?
>> I know of at least one very major mail provider (possibly the same one)
>> that removes dots from the user part.  So the following addresses are
>> equivalent.
> Mailman 2.1.x considers all these to be different users. E.g.
> joe at example.com
> joe+mm_list at example.com
> joe+other at example.com
> j.oe at example.com
> are four distinct users as far as Mailman is concerned.

And, albeit arguably, I think that's the correct behavior.  Plushacking is
a hack specifically to make recipient filtering easier and more reliable;
since you can't expect outsiders to assume it, you have to yourself treat it
as separate mailboxes, and assume they will as well.  As Mailman does.

It is, in short, a way to create additional recipient mailboxes when 
the user in question doesn't have administrative permission to do that;
assuming the user's receiving MUA will do the right thing -- but that's 
the only computer it requires you to make an assumption about.

-- jra
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
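
[Added example, not part of the original message and not Mailman code.] Since Mailman 2.1.x stores the four addresses above as four distinct users, a list admin who wants to spot one mailbox behind many subscription requests has to group them outside Mailman. This sketch does that for review purposes only; the function names, the threshold, the set of dot-insensitive domains and the sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: domains whose mail system ignores dots in the local part.
# Which providers do this is site knowledge; example.com is a placeholder.
DOT_INSENSITIVE_DOMAINS = {"example.com"}

# Constructed sample of pending subscription requests (first four mirror the thread).
SAMPLE_PENDING = [
    "joe@example.com", "joe+mm_list@example.com", "joe+other@example.com",
    "j.oe@example.com", "ann@example.org", "a.nn@example.org",
]

def canonical_mailbox(address, separator="+", dot_insensitive=DOT_INSENSITIVE_DOMAINS):
    """Return a comparison key for an address. It is NOT a delivery address:
    as the thread notes, outsiders cannot assume how the receiver treats +detail."""
    local, at, domain = address.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not an addr-spec: %r" % address)
    domain = domain.lower()
    # Quoted local parts may legally contain '+' or '.', so leave them untouched.
    if not (local.startswith('"') and local.endswith('"')):
        base = local.split(separator, 1)[0]
        local = base or local          # "+tag@..." has no base; keep it whole
        if domain in dot_insensitive:
            local = local.replace(".", "")
        local = local.lower()          # assumption: case-fold for comparison only
    return local + "@" + domain

def group_requests(addresses, threshold=3):
    """Map canonical key -> original addresses, keeping only keys that were
    requested at least `threshold` times under different spellings."""
    groups = defaultdict(list)
    for addr in addresses:
        try:
            groups[canonical_mailbox(addr)].append(addr)
        except ValueError:
            groups["<unparseable>"].append(addr)
    return {key: seen for key, seen in groups.items() if len(seen) >= threshold}

if __name__ == "__main__":
    for key, seen in group_requests(SAMPLE_PENDING).items():
        print("%s <- %d requests: %s" % (key, len(seen), ", ".join(seen)))
```

The output is a list of candidates for a human to look at before approving or discarding requests; it does not change how Mailman itself stores members.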
