[Mailman-Users] Harvesting of email addresses for spam from archives

David Beaumont david at johmar.com
Mon Sep 8 21:19:27 CEST 2008 

Thanks is this still the case at  http://lists.shire.net/pipermail/dbamain/
?  We have just put a password on so I am hoping that will stop robots too.

David 

> -----Original Message-----
> From: Paul [mailto:opensource at unixoses.com] 
> Sent: 08 September 2008 20:00
> To: David Beaumont
> Cc: mailman-users at python.org
> Subject: Re: [Mailman-Users] Harvesting of email addresses 
> for spam from archives
> 
> It helps to disallow but the site is allowing.  So possible 
> some engines
> will bot the whole site:
> 
> http://www.mail-archive.com/robots.txt
> 
> 
> On Mon, September 8, 2008 8:25 am, David Beaumont wrote:
> > We have had a lot of spams sent directly to our list 
> members (i.e. not
> > sent
> > via mailman).  All of them have subject headings taken from 
> list emails
> > already sent out genuinely via mailman.  Almost all have 
> our specific list
> > prefix (but interesting not every one).
> >
> > Has anyone else had this recently (started 3rd Sept approx and the
> > spammers
> > listed from address has 'kiev' in it)?
> >
> > I can only think of 2 ways this has happened
> >
> > 1) Our public archives have been harvested by a spammer.  This would
> > account
> > for the subject headings being used.  Email addresses are 
> displayed in the
> > archives as, literally, 'name at domain.com' which is not 
> immediately
> > harvestable but wouldn't take much code to convert ' at ' 
> to '@'. How do
> > we
> > make this more secure? I notice this list's archives are 
> not standard
> > mailman format!
> >
> > 2) One of our members PCs has been attacked and the 
> subjects and email
> > addresses taken from there.  All our emails are delivered 
> with the reply
> > to
> > address being the list but the originators email showing.  
> This would
> > account for a small number of the spams not having our list 
> prefix in the
> > subject heading (they would not have the prefix if stored 
> in the sent box
> > of
> > the person that created the genuine message).  However I 
> would expect at
> > least some members to report spam with entirely non list 
> subjects from the
> > same spammer.
> >
> > ------------------------------------------------------
> > Mailman-Users mailing list
> > Mailman-Users at python.org
> > http://mail.python.org/mailman/listinfo/mailman-users
> > Mailman FAQ: http://wiki.list.org/x/AgA3
> > Searchable Archives:
> > http://www.mail-archive.com/mailman-users%40python.org/
> > Unsubscribe:
> > 
> http://mail.python.org/mailman/options/mailman-users/opensourc
> e%40unixoses.com
> >
> > Security Policy: http://wiki.list.org/x/QIA9
> >
> 
>

More information about the Mailman-Users mailing list