On 9/30/07, Robert Braver wrote:

> Wholesale bouncing of list mail to non-subscribers is totally
> unacceptable due to the amount of outscatter this will cause. (see
> http://en.wikipedia.org/wiki/Backscatter#Backscatter_of_email_spam )

Mailman is pretty resistant to generating backscatter. Yes, if configured to do so, it will generate it. But it keeps track of how often it has responded to a given address in a given period of time, and won't respond more than a set number of times in a day to a given address. This effectively limits the ability to abuse Mailman as a backscatter amplifier for a DDoS attack.

However, in some cases, even just a single instance of backscatter can get you put on a blacklist. So, you've got to weigh the relative evils of not responding at all to a potentially legitimate message from a real human being, or generating potential backscatter.

> It only took one list member from one of the smaller lists (which is
> private and not listed anywhere) who had their address book
> harvested by a trojan to cause about 50 spam emails a day to that
> list alone on an ongoing basis... so hiding the list addresses
> doesn't guarantee that they won't eventually leak out and get on the
> spam lists.

Security through obscurity never works. Ultimately, you always get found out. Usually, that ends up happening sooner rather than later.

However, keeping lists private as part of a larger security scheme can be effective -- just make sure that keeping the list private isn't your only method of security.

-- 
Brad Knowles <[EMAIL PROTECTED]>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
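The per-address, per-day response cap Brad describes is the key defensive property: a spammer who forges a victim's address as the sender of hundreds of messages to the list gets at most a handful of auto-responses aimed at that victim, rather than hundreds. The following is an added illustration of that mechanism, not Mailman's own code; the class name, the sliding one-day window, the default cap of three responses and the simulated burst are all assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class AutoResponseLimiter:
    """Hypothetical auto-response rate limiter (not Mailman's implementation).

    Tracks when a response was last sent to each address and refuses to send
    more than `max_per_day` responses to the same address within `window`.
    This is the property that stops a list from acting as a backscatter
    amplifier: forged-sender floods are capped per victim address.
    """

    def __init__(self, max_per_day=3, window=timedelta(days=1)):
        self.max_per_day = max_per_day
        self.window = window
        # address -> timestamps of responses already sent (oldest first)
        self._sent = defaultdict(deque)

    def should_respond(self, address, now):
        """Return True and record the response if the cap is not yet reached."""
        key = address.strip().lower()  # treat mailbox addresses case-insensitively
        history = self._sent[key]
        cutoff = now - self.window
        # Drop responses that have aged out of the window.
        while history and history[0] <= cutoff:
            history.popleft()
        if len(history) >= self.max_per_day:
            return False  # cap reached: suppress this response
        history.append(now)
        return True


def simulate_forged_burst(limiter, victim, count, start):
    """Constructed scenario: `count` spam messages, one per second, all forging
    `victim` as the envelope sender. Returns (responses_sent, responses_suppressed)."""
    sent = suppressed = 0
    for i in range(count):
        if limiter.should_respond(victim, start + timedelta(seconds=i)):
            sent += 1
        else:
            suppressed += 1
    return sent, suppressed


if __name__ == "__main__":
    limiter = AutoResponseLimiter(max_per_day=3)
    t0 = datetime(2007, 9, 30, 12, 0, 0)
    print(simulate_forged_burst(limiter, "victim@example.com", 50, t0))
```

The trade-off Brad raises is visible in the code: raising `max_per_day` restores responses to real humans whose legitimate messages were rejected, while lowering it (or setting it to zero) reduces the chance that even one backscatter message reaches a spam-trap address and lands the list host on a blacklist.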