[Mailman-Users] Distributed mass subscribe attack?

Phil Stracchino phils at caerllewys.net
Fri Aug 18 13:07:29 EDT 2017


On 08/18/17 12:25, tlhackque via Mailman-Users wrote:
> On 17-Aug-17 16:47, Andy Cravens wrote:
>>
>>
>> David,
>>
>> I forgot to mention I’m also working on a modsecurity rule to look at all POSTs
>> and reject if they contain an email address with a + sign.
>>
> I understand the drive to suppress an attack.  However, + is valid in
> e-mail addresses.  It's frequently used by people to setup auto-filing
> rules, and/or to track the source of addresses harvested for SPAM.
> 
> I strongly discourage any service provider from defining what formats of
> e-mail addresses are acceptable.  Such definitions, however
> well-intentioned, are almost always wrong - and effectively blindly deny
> service.

I second this.  It is a legitimate part of compliant email addresses, no
matter how many web stores seem to believe otherwise (or are merely
unaware of it).

> If an address is valid per RFC822 (2822,5322, ...), accept it.

This.

> No matter what you do, the spammers will adapt, eventually.  But unless
> you're a particularly appealing target, they're likely to move on if you
> do almost anything unusual.

One of your best first lines of defense is don't be the low-hanging fruit.


-- 
  Phil Stracchino
  Babylon Communications
  phils at caerllewys.net
  phil at co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958
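As an added illustration of the point made in this thread (example code, not part of the original message or of Mailman), the following Python compares a syntax check based on the RFC 5322 dot-atom form of the local part with the "reject anything containing a +" rule, over a constructed list of sample addresses. The sample addresses and the helper names are assumptions for the example; the validator deliberately covers only unquoted local parts and dotted hostname domains, which is a conservative subset of what RFC 5322 allows.

```python
import re

# RFC 5322 "atext": the characters permitted in an unquoted local-part atom.
# Note that '+' is among them, as are several others that web forms often reject.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"

# dot-atom local part: atoms separated by single dots, no leading/trailing dot.
LOCAL_PART_RE = re.compile(rf"^{ATEXT}+(?:\.{ATEXT}+)*$")

# Domain: two or more LDH labels joined by dots. This is a practical subset of the
# RFC 5322 "domain" production (quoted forms and address literals are not handled).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})+$")


def is_valid_address(addr: str) -> bool:
    """Return True when addr is syntactically acceptable: exactly one '@',
    an RFC 5322 dot-atom local part (64 octets max) and a dotted LDH domain."""
    if addr.count("@") != 1 or len(addr) > 254:
        return False
    local, domain = addr.split("@")
    if not local or len(local) > 64:
        return False
    return bool(LOCAL_PART_RE.match(local)) and bool(DOMAIN_RE.match(domain))


def naive_plus_block(addr: str) -> bool:
    """The over-restrictive rule discussed in the thread: reject any address
    containing a '+'. Returns True when the address would be rejected."""
    return "+" in addr


def split_subaddress(addr: str) -> tuple[str, str]:
    """Split 'user+tag@example.org' into ('user@example.org', 'tag').
    Returns (addr, '') when the local part carries no '+' tag."""
    local, domain = addr.rsplit("@", 1)
    base, _, tag = local.partition("+")
    return f"{base}@{domain}", tag


# Constructed sample input for the example (not real subscribers).
SAMPLE_ADDRESSES = [
    "alice+lists@example.org",     # legitimate sub-addressed user
    "bob@example.org",
    "carol+mailman@example.net",   # legitimate, tagged to trace where the address went
    "dave@@example.org",           # malformed: two '@'
    "erin..smith@example.org",     # malformed: consecutive dots in the local part
]


def false_positives(addresses: list[str]) -> list[str]:
    """Addresses that are valid under the RFC-based check but would be
    rejected by the naive '+' rule, i.e. legitimate users denied service."""
    return [a for a in addresses if is_valid_address(a) and naive_plus_block(a)]


if __name__ == "__main__":
    for a in SAMPLE_ADDRESSES:
        print(f"{a:30} valid={is_valid_address(a)!s:5} plus_blocked={naive_plus_block(a)}")
    print("denied legitimate users:", false_positives(SAMPLE_ADDRESSES))
```

Running it shows that the two malformed entries are rejected by the syntax check alone, while the two sub-addressed users pass the syntax check and are rejected only by the "+" rule; `split_subaddress` shows how the tag can be separated from the base mailbox if a list operator wants to reason about it without refusing the address.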