[Mailman-Users] Spam Subscriptions
Phil Stracchino
phils at caerllewys.net
Fri Feb 23 11:10:33 EST 2018
On 02/23/18 10:07, David Andrews wrote:
> Secondly, there is some commonality in the subscribe addresses, are
> there strings I can use to discard the subscribes so I never have to see them.
>
> Below are examples, there is a common word, or a common word, a
> period ., and another common word, then a plus sign + then a 4 5 or 6
> character word, all alpha, and @gmail.com
> Here are examples:
>
> dragonommz+
> jwmidnight+
> nommz.naidoo+
>
> If I could knock these out, it would be helpful. This has happened
> several times previously, but has always stopped after a few weeks.
> This time it has been a couple months.
You can't filter based on that address format. (At least, not and be
correct.)
This format, plus-extension, is a legitimate address structure
specifically for the purpose of generating traceable throwaway
addresses. If I give you reddog+thislist at example.com as my email
address, which I receive at my address reddog at example.com, and I've
given that to no-one else, and a few weeks later I start getting random
spam sent to reddog+thislist at example.com, I know you have (intentionally
or otherwise) leaked my email address.
Just because an address is plus-extended does not mean it is spam. If
you choose to refuse extended addresses, you risk refusing legitimate
subscribers.
Have you considered requiring CAPTCHAs for subscription?
--
Phil Stracchino
Babylon Communications
phils at caerllewys.net
phil at co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
More information about the Mailman-Users
mailing list