[Mailman-Users] what gives?
Chuq Von Rospach
chuqui at plaidworks.com
Thu Feb 17 17:59:48 CET 2005
On Feb 17, 2005, at 8:19 AM, Mark Sapiro wrote:
> I'm still a bit more skeptical at this point than "no doubt", but I'm
> open to the idea.
since I've already found the culprit (I hope), it's well beyond no
doubt. it's guaranteed.
> Someone is somehow watching this public list and getting addresses of
> (some, all?) first time posters to this list and attempting to
> subscribe those addresses to some other list.
>
> There doesn't seem to be any security issue here.
It's a huge security issue. Someone is hijacking a mailing list and
forcing its users to see content they didn't ask for, iwthout
permission of the owner of the list. Now, imagine instead of a single
confirm message, every posting got it. And that the harvesting address
was on hotmail.com and forwarding off somewhere.
now what? how do you find it? how do you stop it?
> as this list is
> public and anyone can subscribe to it or visit its archive.
which doesn't give anyone a right to spam users of it. or harvest it.
You want to kill a mailing list? do what I just suggest, and every time
someone posts to it, they get porn spam. the list'll go stone dead very
quickly. Want to kill mailing lists in general? let it be known that
spammers have figured out that to harvest emails, all they need do is
subscribe to mailing lists and harvest what comes in to their
safe-house address. And since there's no direct connection there, how
do you stop THAT?
There are things that could be done, but few to no mailing lists do
them. And it's a serious issue that I feel is just a matter of time...
It's a big issue, mark. it's one of people repurposing our stuff for
their purposes, and whether we have a say in them being able to do it
(or stopping them somehow). USENET ultimately had no control
mechanisms. It's dead.
mail lists? very vulnerable.
More information about the Mailman-Users
mailing list