[geeklog-devel] Spam to members of lists

[Tony Bibbs]

I got this complaint today:

<snip>
Tony,

I joined geeklog-users a little more than a week ago using newly created 
email
addresses and posted only twice, and already I received two spam emails 
today
to the new addresses (one of the addresses appears only in the Received 
header
).

Either the spammer is a member of the list and receives emails with the full
headers, or a list member's computer is infected and collects addresses.

I know how seriously you and the development team of Geeklog think about
security. I would like to ask your help to consider what could be done 
to stop
spammers from collecting email addresses from geeklog lists. Right now I'm
having second thoughts about publicly contributing to the development 
(at least
not without stripping some mail headers).

FYI below are transcripts of the blocked SPAM going to these two email
addresses. They were received 1 second apart from two different IP 
addresses.

sincerely,
Drago Goricanec
</snip>

I then reviewed the privacy options and the only thing I see that we can 
do to fix this is set the very last option, "Hide the sender of a 
message, replacing it with the list address (Removes From, Sender and 
Reply-To fields)" to 'yes'.

I think spam is enough of a problem where we should simply turn this off 
but I wanted to make sure I wasn't forgetting something because all this 
rings a bell with a situation way back when we were addressing this last.

...which reminds me I should probably upgrade mailman to see if we don't 
get some new anti-spam features (i.e. baysian filters, etc)

Thoughts?

--Tony