[geeklog-devel] Spam to members of lists

Vincent Furia vmf at abtech.org
Fri Feb 20 10:31:04 EST 2004


We have gone through this before.  Last time we switched many people 
(including myself) complained that not having the email addresses of the 
people sending emails to the list was a major PITA when it came to 
keeping track of who said what.  This is especially true since many 
people don't sign their email.

I'd rather put up with a bit of SPAM (which SPAM filters can catch) then 
have to figure out from context who was sending a message to the mailing 
list.  Also I like to be able to email people directly (especially for 
some of the questions that pop-up on geeklog-users).

Note that the SPAMers could have gotten his email by scouring the 
archive.  Some people do a reply-to that includes something like:

	joe at some.email.com said:

Which doesn't get filtered and an email address winds up on the lists 
archive web pages to be grabbed by SPAM bots.  Maybe there is a way to 
filter email addresses out of the body of messages before they posted to 
the archive?


Tony Bibbs wrote:
> I got this complaint today:
> <snip>
> Tony,
> I joined geeklog-users a little more than a week ago using newly created 
> email
> addresses and posted only twice, and already I received two spam emails 
> today
> to the new addresses (one of the addresses appears only in the Received 
> header
> ).
> Either the spammer is a member of the list and receives emails with the 
> full
> headers, or a list member's computer is infected and collects addresses.
> I know how seriously you and the development team of Geeklog think about
> security. I would like to ask your help to consider what could be done 
> to stop
> spammers from collecting email addresses from geeklog lists. Right now I'm
> having second thoughts about publicly contributing to the development 
> (at least
> not without stripping some mail headers).
> FYI below are transcripts of the blocked SPAM going to these two email
> addresses. They were received 1 second apart from two different IP 
> addresses.
> sincerely,
> Drago Goricanec
> </snip>
> I then reviewed the privacy options and the only thing I see that we can 
> do to fix this is set the very last option, "Hide the sender of a 
> message, replacing it with the list address (Removes From, Sender and 
> Reply-To fields)" to 'yes'.
> I think spam is enough of a problem where we should simply turn this off 
> but I wanted to make sure I wasn't forgetting something because all this 
> rings a bell with a situation way back when we were addressing this last.
> ...which reminds me I should probably upgrade mailman to see if we don't 
> get some new anti-spam features (i.e. baysian filters, etc)
> Thoughts?
> --Tony
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel

More information about the geeklog-devel mailing list