On Feb 17, 2005, at 8:19 AM, Mark Sapiro wrote:

I'm still a bit more skeptical at this point than "no doubt", but I'm
open to the idea.

since I've already found the culprit (I hope), it's well beyond no doubt. it's guaranteed.


Someone is somehow watching this public list and getting addresses of
(some, all?) first time posters to this list and attempting to
subscribe those addresses to some other list.

There doesn't seem to be any security issue here.

It's a huge security issue. Someone is hijacking a mailing list and forcing its users to see content they didn't ask for, without permission of the owner of the list. Now, imagine instead of a single confirm message, every posting got it. And that the harvesting address was on hotmail.com and forwarding off somewhere.


now what? how do you find it? how do you stop it?

as this list is
public and anyone can subscribe to it or visit its archive.

which doesn't give anyone a right to spam users of it. or harvest it.

You want to kill a mailing list? do what I just suggested, and every time someone posts to it, they get porn spam. the list'll go stone dead very quickly. Want to kill mailing lists in general? let it be known that spammers have figured out that to harvest emails, all they need do is subscribe to mailing lists and harvest what comes in to their safe-house address. And since there's no direct connection there, how do you stop THAT?

There are things that could be done, but few to no mailing lists do them. And it's a serious issue that I feel is just a matter of time...

It's a big issue, mark. it's one of people repurposing our stuff for their purposes, and whether we have a say in them being able to do it (or stopping them somehow). USENET ultimately had no control mechanisms. It's dead.

mail lists? very vulnerable.

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp