UOL spam issue
Paul Howarth
paul at city-fan.org
Tue Jan 24 14:00:04 UTC 2006
Tim wrote:
> On Mon, 2006-01-23 at 16:26 -0800, Kenneth Porter wrote:
>
>>The page says that the challenge message preserves only the subject
>>line. How about injecting the subscriber ID into the subject line of
>>the monthly reminder emails? (I auto-file those to a separate
>>Administrivia folder.) That's the one regular message coming from the
>>list itself (ie. not a subscriber) so the bounce goes back to the
>>list admin where it can be analyzed to remove the miscreants.
>>
>>The mailman patch should be published so that other lists can benefit
>>from this. I googled the uol.com.br domain and see the problem
>>reported on a lot of other lists.
>
>
> Other mailing lists that I've been on avoid this sort of thing by having
> a double confirmation when you sign up: You sign up, get sent back a
> confirmation e-mail, you reply back to confirm, and another message is
> sent to you confirming all of that.
>
> The process requires interaction from you for the confirmations to work,
> and a bounce message from a stupid anti-spam system wouldn't confirm
> you, so you wouldn't get any list mail (and, therefore, couldn't send
> idiotic bounces back to the list one way or another).
This list already uses a confirmation step. Thus the twit must have
received the confirmation message somehow and been able to follow the
instructions in it. Since the culprit appears to be forwarding mail from
some other domain to uol.com.br, it's possible that he or she may be
receiving their mail at multiple addresses and managed to confirm from
an address not behind the challenge-response spam system.
Paul.
More information about the fedora-list
mailing list