| 1 |
On Wed, 2009-05-27 at 09:28 -0700, Robin H. Johnson wrote: |
| 2 |
> Lately we've been seeing a LOT of spam being sent to the mailing list |
| 3 |
> subscribe mechanism, with the side effect that the subscribe mechanism |
| 4 |
> responds to the From header address with a confirmation request. That |
| 5 |
> address (along with the envelope sender) are unfortunately forged. |
| 6 |
> |
| 7 |
> The volume of the confirmation requests is getting worse than direct |
| 8 |
> spams, because the spam filtering considers the confirmation requests to |
| 9 |
> be valid email (they would be, except for the fact they are |
| 10 |
> unsolicited). |
| 11 |
> |
| 12 |
> To combat this problem, I'd like us to consider switching the subscribe |
| 13 |
> mechanism for the mailing lists to be a web form (protected with |
| 14 |
> recaptcha). Unsubscribe will continue to be offered as an email action |
| 15 |
> for the moment, because it ignores the mail if the address was not |
| 16 |
> subscribed. |
| 17 |
|
| 18 |
Fine with me. I've been getting quite a few of these lately, and since |
| 19 |
I sometimes do subscribe to new lists, I have to look at them before |
| 20 |
discarding. |
| 21 |
|
| 22 |
Regards, |
| 23 |
Ferris |
| 24 |
-- |
| 25 |
Ferris McCormick (P44646, MI) <fmccor@g.o> |
| 26 |
Developer, Gentoo Linux (Sparc, Userrel, Trustees) |
Archives