[Mailman-Users] what gives?
John W. Baxter
jwblist at olympus.net
Thu Feb 17 16:29:08 CET 2005
On 2/17/2005 4:34, "sea23 at seasalt.org" <sea23 at seasalt.org> wrote:
> John W. Baxter wrote:
>
>> I subscribed a different address (by email, as is my habit when I have a
>> list message handy).
>>
>> I confirmed a half hour ago...no spurious confirmations from other lists yet
>> (if that changes, I'll let you know). I have now unsubscribed.
>>
>> --John
>>
>>
>>
>
> John,
>
> The fact that at least 4 people from this list have already responded
> that they too have gotten that same mailman confirm email from that
> domain/list at about the time, as they recall, that they first
> subscribed here and made their first post leaves no doubt at this point
> that there is a connection. Again, I think they are simply identifying
> first time posters to this list (and possibly other lists) and then
> firing off a confirm email to them, probably in order to advertise their
> site rather than to get anyone to join their mailing list.
OK...that's easy enough, and doesn't require compromising anything. It just
requires subscribing an innocuous address to the list(s), and keeping track
of posted message senders.
>
> But in any event, your test would not have worked since it is apparently
> only when a new subscriber makes his first post, not when he subscribes,
> that triggers the confirm email from them.
OK...that wasn't the recipe which was suggested by your initial message,
which said the bogus confirm came shortly after you confirmed...no mention
of posting a message too.
There's also the fact that my provider's anti-spam mechanisms could well
have kept the bogus message out even had it been attempted.
--John
More information about the Mailman-Users
mailing list