Re: [Mailman-Users] Harvesting of email addresses for spam from archives

2008-09-08 Thread Paul
It helps to disallow but the site is allowing.  So possible some engines
will bot the whole site:

http://www.mail-archive.com/robots.txt


On Mon, September 8, 2008 8:25 am, David Beaumont wrote:
> We have had a lot of spams sent directly to our list members (i.e. not sent
> via mailman).  All of them have subject headings taken from list emails
> already sent out genuinely via mailman.  Almost all have our specific list
> prefix (but interesting not every one).
>
> Has anyone else had this recently (started 3rd Sept approx and the spammers
> listed from address has 'kiev' in it)?
>
> I can only think of 2 ways this has happened
>
> 1) Our public archives have been harvested by a spammer.  This would account
> for the subject headings being used.  Email addresses are displayed in the
> archives as, literally, 'name at domain.com' which is not immediately
> harvestable but wouldn't take much code to convert ' at ' to '@'. How do we
> make this more secure? I notice this list's archives are not standard
> mailman format!
>
> 2) One of our members PCs has been attacked and the subjects and email
> addresses taken from there.  All our emails are delivered with the reply to
> address being the list but the originators email showing.  This would
> account for a small number of the spams not having our list prefix in the
> subject heading (they would not have the prefix if stored in the sent box of
> the person that created the genuine message).  However I would expect at
> least some members to report spam with entirely non list subjects from the
> same spammer.


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9


Re: [Mailman-Users] Harvesting of email addresses for spam from archives

2008-09-08 Thread David Beaumont
Thanks is this still the case at http://lists.shire.net/pipermail/dbamain/ ?
We have just put a password on so I am hoping that will stop robots too.

David 

> -Original Message-
> From: Paul [mailto:[EMAIL PROTECTED]
> Sent: 08 September 2008 20:00
> To: David Beaumont
> Cc: mailman-users@python.org
> Subject: Re: [Mailman-Users] Harvesting of email addresses for spam from archives
>
> It helps to disallow but the site is allowing.  So possible some engines
> will bot the whole site:
>
> http://www.mail-archive.com/robots.txt
>
> On Mon, September 8, 2008 8:25 am, David Beaumont wrote:
> > We have had a lot of spams sent directly to our list members (i.e. not sent
> > via mailman).  All of them have subject headings taken from list emails
> > already sent out genuinely via mailman.  Almost all have our specific list
> > prefix (but interesting not every one).
> >
> > Has anyone else had this recently (started 3rd Sept approx and the spammers
> > listed from address has 'kiev' in it)?
> >
> > I can only think of 2 ways this has happened
> >
> > 1) Our public archives have been harvested by a spammer.  This would account
> > for the subject headings being used.  Email addresses are displayed in the
> > archives as, literally, 'name at domain.com' which is not immediately
> > harvestable but wouldn't take much code to convert ' at ' to '@'. How do we
> > make this more secure? I notice this list's archives are not standard
> > mailman format!
> >
> > 2) One of our members PCs has been attacked and the subjects and email
> > addresses taken from there.  All our emails are delivered with the reply to
> > address being the list but the originators email showing.  This would
> > account for a small number of the spams not having our list prefix in the
> > subject heading (they would not have the prefix if stored in the sent box of
> > the person that created the genuine message).  However I would expect at
> > least some members to report spam with entirely non list subjects from the
> > same spammer.


Re: [Mailman-Users] Harvesting of email addresses for spam from archives

2008-09-08 Thread Bill Christensen

At 6:13 PM +0100 9/8/08, David Beaumont wrote:
> > >I notice this list's archives are not standard
> > >mailman format!
> >
> > I assume by 'this list' you mean [EMAIL PROTECTED] In what way
> > are the archives "not standard"?
>
> Thanks I mean the archives at
> http://www.mail-archive.com/mailman-users%40python.org/
>
> Ours are at http://lists.shire.net/pipermail/dbamain/
>
> On ours you will see the emails have the ' at ' obscuration.   Yours don't
> seem to show the email in any form.  How do we change to your format?
>
> David



At a quick glance it doesn't look like it would be all too terribly 
difficult to change.   When I was using Mhonarc for the archives on 
one of my lists (before moving to Mailman last spring), I had a 
script that would change "[EMAIL PROTECTED]" to "[EMAIL PROTECTED]".  If I 
recall, it simply used a regex that looked for characters followed by 
an @ followed by more characters.  It then replaced everything from 
the @ to the next space with "...".


It appears that the code which does the obfuscation is in 
($prefix)/Mailman/Mailman/Archiver/HyperArch.py between lines 280 and 
290 in 2.1.11. (I'm sure someone will correct me if that's wrong info)

--
Bill Christensen


Green Building Professionals Directory: 
Sustainable Building Calendar: 
Green Real Estate: 
Straw Bale Registry: 
Books/videos/software: 
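
The kind of script Bill Christensen describes above (find characters, an @, more characters, and replace from the @ onward with "..."), as an added example that is not part of the thread and is not Mailman's HyperArch.py code. It goes beyond his description by also covering the `%40` form used in mailto: links and the ' at ' obscuration, and by stopping at the end of the domain rather than the next space so surrounding markup survives; the function names and the sample text are constructed for illustration.

```python
import re

# Added example; names are hypothetical and not taken from Mailman.
_LOCAL = r"(?P<local>[A-Za-z0-9._+-]+)"
_DOMAIN = r"(?P<domain>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)"

# "@" and its URL-encoded form as found in mailto: links.
STRICT = re.compile(_LOCAL + r"(?:@|%40)" + _DOMAIN)
# The same, plus the ' at ' obscuration used by the standard archive pages.
WITH_AT = re.compile(_LOCAL + r"(?:@|%40|\s+at\s+)" + _DOMAIN)


def redact_addresses(text, at_form=True):
    """Replace everything from the separator to the end of the domain with '...'.

    With at_form=True, ordinary prose such as "look at example.com" is also
    rewritten; for an archive that over-redaction is the safe failure.
    """
    pattern = WITH_AT if at_form else STRICT
    return pattern.sub(lambda m: m.group("local") + "...", text)


def exposed_domains(text):
    """Domains still paired with a local part, in any of the three forms."""
    return [m.group("domain") for m in WITH_AT.finditer(text)]


# Constructed sample resembling one archive page fragment.
SAMPLE = (
    '<A HREF="mailto:alice%40example.org?Subject=Re">alice at example.org</A>\n'
    "Reply to bob@lists.example.net, or cc carol@example.com.\n"
)

if __name__ == "__main__":
    cleaned = redact_addresses(SAMPLE)
    print(cleaned)
    print("still exposed:", exposed_domains(cleaned))
```

Running `exposed_domains` over a rendered archive page before and after the change is a quick check that no address form was missed.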


Re: [Mailman-Users] Harvesting of email addresses for spam from archives

2008-09-08 Thread Brad Knowles

David Beaumont wrote:

> > > I notice this list's archives are not standard
> > > mailman format!
> >
> > I assume by 'this list' you mean [EMAIL PROTECTED] In what way
> > are the archives "not standard"?
>
> Thanks I mean the archives at
> http://www.mail-archive.com/mailman-users%40python.org/


We don't run those.  Those are the official searchable archives, as provided 
by an approved third-party.


You could do the same, if you like.


Alternatively, you might consider using a piece of third-party archive 
software that runs on your own hardware.  That's also discussed in the 
documentation.



> Ours are at http://lists.shire.net/pipermail/dbamain/
>
> On ours you will see the emails have the ' at ' obscuration.   Yours don't
> seem to show the email in any form.  How do we change to your format?


Contact the people at mail-archive.com and ask them to provide an external 
third-party archive for your lists.  I don't know, but they might ask you to 
pay them some money, unless you're big enough that they want to provide that 
service to you for free.


--
Brad Knowles <[EMAIL PROTECTED]>
Member of the Python.org Postmaster Team & Co-Moderator of the
mailman-users and mailman-developers mailing lists


Re: [Mailman-Users] Harvesting of email addresses for spam from archives

2008-09-08 Thread David Beaumont
> >I notice this list's archives are not standard
> >mailman format!
> 
> 
> I assume by 'this list' you mean [EMAIL PROTECTED] In what way
> are the archives "not standard"?

Thanks I mean the archives at
http://www.mail-archive.com/mailman-users%40python.org/

Ours are at http://lists.shire.net/pipermail/dbamain/

On ours you will see the emails have the ' at ' obscuration.   Yours don't
seem to show the email in any form.  How do we change to your format?

David



Re: [Mailman-Users] Harvesting of email addresses for spam from archives

2008-09-08 Thread Mark Sapiro
David Beaumont wrote:

>We have had a lot of spams sent directly to our list members (i.e. not sent
>via mailman).  All of them have subject headings taken from list emails
>already sent out genuinely via mailman.  Almost all have our specific list
>prefix (but interesting not every one).
>
>Has anyone else had this recently (started 3rd Sept approx and the spammers
>listed from address has 'kiev' in it)?


I have not seen it.


>I can only think of 2 ways this has happened
>
>1) Our public archives have been harvested by a spammer.  This would account
>for the subject headings being used.  Email addresses are displayed in the
>archives as, literally, 'name at domain.com' which is not immediately
>harvestable but wouldn't take much code to convert ' at ' to '@'. How do we
>make this more secure? I notice this list's archives are not standard
>mailman format!


I assume by 'this list' you mean [EMAIL PROTECTED] In what way
are the archives "not standard"?

It would take modifications to the mailman archiving code to change the
obfuscation of email addresses.

While it certainly would not be difficult for spammers to abuse your
public archive in this way, I am a member of several Mailman lists
with public archives and I post at least occasionally to them and I
haven't received any spam like that you describe.


>2) One of our members PCs has been attacked and the subjects and email
>addresses taken from there.  All our emails are delivered with the reply to
>address being the list but the originators email showing.  This would
>account for a small number of the spams not having our list prefix in the
>subject heading (they would not have the prefix if stored in the sent box of
>the person that created the genuine message).  However I would expect at
>least some members to report spam with entirely non list subjects from the
>same spammer.   


What you say above all seems correct to me.

-- 
Mark Sapiro <[EMAIL PROTECTED]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan



[Mailman-Users] Harvesting of email addresses for spam from archives

2008-09-08 Thread David Beaumont
We have had a lot of spams sent directly to our list members (i.e. not sent
via mailman).  All of them have subject headings taken from list emails
already sent out genuinely via mailman.  Almost all have our specific list
prefix (but interesting not every one).

Has anyone else had this recently (started 3rd Sept approx and the spammers
listed from address has 'kiev' in it)?

I can only think of 2 ways this has happened

1) Our public archives have been harvested by a spammer.  This would account
for the subject headings being used.  Email addresses are displayed in the
archives as, literally, 'name at domain.com' which is not immediately
harvestable but wouldn't take much code to convert ' at ' to '@'. How do we
make this more secure? I notice this list's archives are not standard
mailman format!

2) One of our members PCs has been attacked and the subjects and email
addresses taken from there.  All our emails are delivered with the reply to
address being the list but the originators email showing.  This would
account for a small number of the spams not having our list prefix in the
subject heading (they would not have the prefix if stored in the sent box of
the person that created the genuine message).  However I would expect at
least some members to report spam with entirely non list subjects from the
same spammer.   
