[Mailman-Users] Spam Subscriptions

Phil Stracchino phils at caerllewys.net
Fri Feb 23 11:10:33 EST 2018


On 02/23/18 10:07, David Andrews wrote:
> Secondly, there is some commonality in the subscribe addresses, are 
> there strings I can use to discard the subscribes so I never have to see them?
> 
> Below are examples, there is a common word, or a common word, a 
> period ., and another common word, then a plus sign + then a 4 5 or 6 
> character word, all alpha, and @gmail.com
> Here are examples:
> 
> dragonommz+
> jwmidnight+
> nommz.naidoo+
> 
> If I could knock these out, it would be helpful.  This has happened 
> several times previously, but has always stopped after a few weeks. 
> This time it has been a couple months.


You can't filter based on that address format.  (At least, not and be
correct.)

This format, plus-extension, is a legitimate address structure
specifically for the purpose of generating traceable throwaway
addresses.  If I give you reddog+thislist at example.com as my email
address, which I receive at my address reddog at example.com, and I've
given that to no-one else, and a few weeks later I start getting random
spam sent to reddog+thislist at example.com, I know you have (intentionally
or otherwise) leaked my email address.

Just because an address is plus-extended does not mean it is spam.  If
you choose to refuse extended addresses, you risk refusing legitimate
subscribers.

Have you considered requiring CAPTCHAs for subscription?


-- 
  Phil Stracchino
  Babylon Communications
  phils at caerllewys.net
  phil at co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958
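
Added example, not part of the original message and not Mailman code: it applies the address pattern described in the quoted question to a constructed list of pending requests, showing that it also catches a legitimate plus-extended subscriber, and contrasts it with counting distinct plus-tags per delivery mailbox. The function names, the threshold and all sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The shape described in the quoted question: local part, "+",
# 4 to 6 letters, then @gmail.com.
SUSPECT = re.compile(r"^[a-z.]+\+[a-z]{4,6}@gmail\.com$", re.IGNORECASE)

def base_mailbox(addr):
    """Return the mailbox a plus-extended address is delivered to."""
    addr = addr.strip().lower()
    if "@" not in addr:
        return addr
    local, _, domain = addr.rpartition("@")
    return local.split("+", 1)[0] + "@" + domain

def pattern_hits(requests):
    """Addresses a discard rule built on the pattern alone would drop."""
    return [a for a in requests if SUSPECT.match(a.strip())]

def flag_bursts(requests, threshold=3):
    """Base mailboxes requested under at least `threshold` distinct tags."""
    seen = defaultdict(set)
    for addr in requests:
        seen[base_mailbox(addr)].add(addr.strip().lower())
    return {b: sorted(v) for b, v in seen.items() if len(v) >= threshold}

# Constructed sample data (hypothetical addresses, not taken from the thread).
PENDING = [
    "constructed.user+abcd@gmail.com",
    "constructed.user+qwert@gmail.com",
    "constructed.user+zxcvbn@gmail.com",
    "othername+hjkl@gmail.com",
    "reddog+lists@gmail.com",        # legitimate subscriber with a tracing tag
    "plain.subscriber@example.org",
]

if __name__ == "__main__":
    print("pattern would discard:", pattern_hits(PENDING))
    print("held for moderator review:", flag_bursts(PENDING))
```

The pattern drops the legitimate `reddog+lists` request along with the rest, while the per-mailbox count holds only the mailbox that was requested under three different tags.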

