[Mailman-Users] mailman and email harvesters
Mark Sapiro
msapiro at value.net
Fri Mar 31 21:05:40 CEST 2006
Matthew Clarkson wrote:
>We have switched half (about 15 so far) of our mailing lists from our
>majordomo server (with a hypermail based archiving system) to our new
>mailman server. I have just been notified by my boss that since the
>start of the switchover (3 weeks ago) he and a few other people have had
>a dramatic increase in spam based activity on their email accounts.
Have they posted, or are they just members?
>I
>checked to make sure my robots.txt on the webserver root was fine with
>the following entries
>
>User-agent: *
>Disallow: /pipermail/
Do you really think any spambot is going to honor a robots.txt file?
If you have public archives, at a minimum you need
ARCHIVER_OBSCURES_EMAILADDRS = Yes
This is the default, but have you turned it off in mm_cfg.py? I'm not
sure how effective the obfuscation is, but it's probably better than
'in the clear' addresses.
>Also, I verified that all my lists private_roster settings were set to
>List members.
>
>Can anyone else think of, if it is mailman that is the culprit here, any
>settings or ways that email harvesters could grab email addresses from a
>mailman server?
Can a spammer subscribe to your list and get the roster and then
unsubscribe? I don't know if spammers are sophisticated enough to do
this automatically, and I doubt they do it manually, but it is a
possibility unless subscription requires approval or the roster is
limited to admins.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list