[Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

[Petersen, Kirsten J - NET]

Gary, et al:

The Mailman lists at Oregon State University have been receiving excessive request for subscriptions since mid-October as well.  Our list administrators were suspicious because often the names on the requests did not match the email addresses.  Also, many lists that had been defunct for years were receiving requests, too.

I spent some time trying to figure out what the lists that were being hit had in common.  Not all of the lists receiving requests were advertised on the listinfo page.  Today I realized that all of the lists involved in this attack have their subscribe_policy set to just "require approval" rather "confirm" or "confirm and approve".  So I think the theory that spammers were just trying to get on the lists to harvest member addresses is probably correct.

My folks are beating down my door for a solution, too, and I can't think of a good one.  We host lists for the international community, so any measure I take that makes it harder for external people to subscribe will negatively impact intended use.  I am going to advise my list admins to enable confirmation, which should discourage these attempts.  It also occurred to me that I could write a script to monitor the vette log and purge requests that look suspicious - mainly based on the same email address attempting to subscribe to multiple unrelated lists at the same time.

If anyone else has any bright ideas about this problem, I would love to hear it.

-Kirsten Petersen
Network Services, Oregon State University
http://oregonstate.edu/is/services/network-services
net at oregonstate.edu<mailto:net at oregonstate.edu> (7-HELP, option 2)
itconsult at oregonstate.edu<mailto:itconsult at oregonstate.edu> (7-4710)