The fact that at least 4 people from this list have already responded
that they too have gotten that same mailman confirm email from that
domain/list at about the time, as they recall, that they first
subscribed here and made their first post leaves no doubt at this point
that there is a connection.
OK...that's easy enough, and doesn't require compromising anything. It just
requires subscribing an innocuous address to the list(s), and keeping track
of posted message senders.
Yup. The secret nightmare of any list admin -- that someone harvests a list by subscribing to it and then processing the postings.
In fact -- I believe I found the address. It has been removed, and the site banned from resubscribing. I tend to think this wasn't an intentional harvesting, actually, but it doesn't matter. My guess is their admin subscribed ot the list when they were setting up the site, and when they went production with their spam, set things up to that all incoming mail got forwarded to their spam lists. An intentional harvesting wouldn't be so easy to find.
But I think it's fixed, and I'm glad folks kept harping on this to make us go look for it. This kind of list harvest is something I've worried about for years, because it's basically impossible to find if they set it up right. Here's hoping I'm right and it was by accident.
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
