[Mailman-Users] Unexpected unsubscription confirmation emails

[Mark Sapiro]

On 09/16/2018 07:44 AM, Peter Shute wrote:
> At least one member of our list has received an unexpected email from the list server requesting confirmation of unsubscription. It looks to me like someone has filled in this member's address on the unsubscription form on their behalf in an attempt to remove them from the list.


Or, if you have a personalized unsubscribe link in a list footer like
this list does, the list member replied to or forwarded a list post
without removing the quoted footer and a recipient clicked it
maliciously, inadvertently or thinking she was unsubscribing herself.


> Is there any way for us to monitor these attempts?


You could analyze your web server logs looking for POSTs to the list's
options page, however that won't show you the POST data so won't be too
useful.

Alternatively, you could modify the ConfirmUnsubscription method in
Mailman/MailList.py to log the event in addition to sending the
confirmation email, or perhaps more simply, change the lines

        msg = Message.UserNotification(
            addr, self.GetRequestEmail(cookie),
            text=text, lang=lang)

in that method to

        msg = Message.UserNotification(
            [addr, 'other at example.com'], self.GetRequestEmail(cookie),
            text=text, lang=lang)

to effectively Bcc: all such notices to other at example.com.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan