[geeklog-devel] Spam to members of lists
Vincent Furia
vmf at abtech.org
Fri Feb 20 10:31:04 EST 2004
Tony,
We have gone through this before. Last time we switched many people
(including myself) complained that not having the email addresses of the
people sending emails to the list was a major PITA when it came to
keeping track of who said what. This is especially true since many
people don't sign their email.
I'd rather put up with a bit of SPAM (which SPAM filters can catch) then
have to figure out from context who was sending a message to the mailing
list. Also I like to be able to email people directly (especially for
some of the questions that pop-up on geeklog-users).
Note that the SPAMers could have gotten his email by scouring the
archive. Some people do a reply-to that includes something like:
joe at some.email.com said:
Which doesn't get filtered and an email address winds up on the lists
archive web pages to be grabbed by SPAM bots. Maybe there is a way to
filter email addresses out of the body of messages before they posted to
the archive?
-Vinny
Tony Bibbs wrote:
> I got this complaint today:
>
> <snip>
> Tony,
>
> I joined geeklog-users a little more than a week ago using newly created
> email
> addresses and posted only twice, and already I received two spam emails
> today
> to the new addresses (one of the addresses appears only in the Received
> header
> ).
>
> Either the spammer is a member of the list and receives emails with the
> full
> headers, or a list member's computer is infected and collects addresses.
>
> I know how seriously you and the development team of Geeklog think about
> security. I would like to ask your help to consider what could be done
> to stop
> spammers from collecting email addresses from geeklog lists. Right now I'm
> having second thoughts about publicly contributing to the development
> (at least
> not without stripping some mail headers).
>
> FYI below are transcripts of the blocked SPAM going to these two email
> addresses. They were received 1 second apart from two different IP
> addresses.
>
> sincerely,
> Drago Goricanec
> </snip>
>
> I then reviewed the privacy options and the only thing I see that we can
> do to fix this is set the very last option, "Hide the sender of a
> message, replacing it with the list address (Removes From, Sender and
> Reply-To fields)" to 'yes'.
>
> I think spam is enough of a problem where we should simply turn this off
> but I wanted to make sure I wasn't forgetting something because all this
> rings a bell with a situation way back when we were addressing this last.
>
> ...which reminds me I should probably upgrade mailman to see if we don't
> get some new anti-spam features (i.e. baysian filters, etc)
>
> Thoughts?
>
> --Tony
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>
More information about the geeklog-devel
mailing list