On one of my lists I'm seeing some spam from non-subscribers getting
through. It appears that the trick is to put a subscriber's address in the
"real name" of the sender. E.g., this got through, without being held for
moderation, on a list with generic_nonmember_action = discard (emails of
the innocent obfuscated):

*From:* "x...@johnxxx.com <j...@johngreenwaltlee.com>" <enrollm...@ekonek.com>
*Date:* July 18, 2018 at 5:27:24 PM CDT
*To:* <listn...@server.org <os...@cool.conservation-us.org>>
*Subject:* *[OSG-l] No. PL-01-17923 AIC Objects Specialty Group Discussion*
*Reply-To:* My List's Name <listn...@server.org
<os...@cool.conservation-us.org>>


Account Summary:
---------------------------
Invoice No: No. PL-01-17923
Billing Date: Jul 19, 2018
Due Date: Jul 22, 2018
Amount Due: 1,047.48
Download DOC:

etc. (I'm avoiding sharing the links that follow). x...@johnxxx.com IS a
subscriber on the list. However enrollm...@ekonek.com is not. Yet this
message went straight through, as if it had been sent by a subscriber.

I've looked at the archives of mailman-users and it looks like--from a very
old discussion--that

a) this cheap trick should not be sufficient to allow the message through
b) the content of the message as delivered to the list may not reflect the
exact contents/metadata of the message as it was sent.

Still, I don't really know what else could be going on here, or how to
investigate. Suggestions?

Thanks!
Matt
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
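As an added illustration of the point in (a), here is a small Python script that is not part of the original post and not Mailman's own code. It re-implements, in simplified form, the multi-header sender lookup a list manager performs, and runs it over a constructed message shaped like the quoted spam. The header order (From, envelope sender, Reply-To, Sender) mirrors Mailman 2.1's default SENDER_HEADERS as I remember it; treat that as an assumption and check Defaults.py on your own installation. The addresses, roster and messages are all made up.

```python
"""Which addresses does a list manager treat as the 'sender' of a post?

Constructed example, not Mailman's code.  Shows that a subscriber address
smuggled into the quoted display name of From: is not an address at all once
the header is parsed, so a display-name trick alone should not pass a
membership check; and that headers other than From: are also consulted.
"""
import email
from email.utils import getaddresses

# Constructed message: the From: display name carries a subscriber's address,
# but the addr-spec in angle brackets belongs to a non-subscriber.
DISPLAY_NAME_TRICK = """\
From: "member@example.org <member@example.org>" <spammer@ekonek.invalid>
Date: Wed, 18 Jul 2018 17:27:24 -0500
To: osg-l@lists.example.org
Subject: No. PL-01-17923 Account Summary
Reply-To: My List's Name <osg-l@lists.example.org>

Account Summary:
Invoice No: No. PL-01-17923
"""

# Constructed message: same non-member From:, but a Sender: header that names
# a subscriber.  Illustrates why a check must look beyond From:.
SENDER_HEADER_CASE = """\
From: Accounts <spammer@ekonek.invalid>
Sender: member@example.org
To: osg-l@lists.example.org
Subject: Invoice

body
"""

MEMBERS = {"member@example.org"}  # constructed subscriber roster

# Assumed to match Mailman 2.1's default SENDER_HEADERS; None stands for the
# envelope (Unix "From ") sender, which these constructed messages lack.
SENDER_HEADERS = ("from", None, "reply-to", "sender")


def extract_senders(raw, headers=SENDER_HEADERS):
    """Return lower-cased addr-specs found in the sender-ish headers, in order.

    getaddresses() splits each header into (display-name, addr-spec) pairs, so
    text inside a quoted display name never becomes a candidate address.
    """
    msg = email.message_from_string(raw)
    found = []
    for h in headers:
        if h is None:
            unixfrom = msg.get_unixfrom()
            if unixfrom:
                parts = unixfrom.split()
                if len(parts) > 1:
                    found.append(parts[1].lower())
            continue
        for _name, addr in getaddresses(msg.get_all(h, [])):
            if addr:
                found.append(addr.lower())
    return found


def is_member_post(raw, members=MEMBERS):
    """Parsed check: accept only if some candidate addr-spec is subscribed."""
    return any(addr in members for addr in extract_senders(raw))


def naive_is_member_post(raw, members=MEMBERS):
    """Broken check for contrast: substring match on the raw From: line.

    This is the mistake a display-name trick would exploit.  Shown only to
    make the difference visible; it is not what Mailman does.
    """
    from_line = email.message_from_string(raw).get("from", "")
    return any(m in from_line.lower() for m in members)


if __name__ == "__main__":
    for label, raw in (("display-name trick", DISPLAY_NAME_TRICK),
                       ("Sender: header case", SENDER_HEADER_CASE)):
        print(label)
        print("  parsed senders:", extract_senders(raw))
        print("  parsed check  :", is_member_post(raw))
        print("  naive check   :", naive_is_member_post(raw))
```

Run it against a copy of the real message, with the full raw headers as received by the list server rather than as re-rendered by a mail client, and compare the parsed candidate list with the list's roster; that is the fastest way to tell whether an envelope sender, Reply-To or Sender header was the actual match.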