LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Spam e-mail sent to announce-only list

Wes Anderson <[log in to unmask]>

Tue, 20 May 2003 15:07:41 -0400

text/plain (54 lines)

We have just been hit by a spammer who successfully sent junk mail to our
list of 5000 subscribers.  The e-mail From field shows our Listserv admin
account which was not an account that was even identified in the list's
configuration file.  The configuration was set to Send=Private (so no
non-subscribers could post) and Default-Options=NOPOST (so no subscribers
could post).  We thought this meant that only the owner could post but of
course didn't predict that someone could "forge" this address or the admin
address and send an e-mail.

We have since changed the Send parm to Send=Editor,Hold,Confirm.

I've tried a number of tests and this setting seems to do the trick, but I
wanted to poll this group to get recommendations on other settings that
might be set, keeping in mind that we send out broadcasts about once a month
and don't want it to be a painstaking, high maintenance activity.

Note also that the list is re-generated through a bulk-load process.
Subscribers cannot subscribe or change their settings, so it seems that the
Validate parm is not as critical as would be the case if subscribers were
allowed to manage their accounts.

The current configuration looks like this:

Subscription= By_owner
Ack= Yes
Confidential= Yes
Validate= No
Reply-to= [log in to unmask]
Review= Owners
Editor= xxxxxx @pharmacists.ca
Send= Editor,Hold,Confirm
Errors-To= Owner
Owner= xxxxxx @pharmacists.ca
Default-Options= NOPOST
Notebook= Yes,e:\sites\listserv-cpha.inf.ca,Monthly,Owner
Change-Log= Yes

Also, we are trying to determine who the spammer is and how they managed to
send this e-mail.  Does anyone have any experience in this area?  The
manager of our Listserv says there was a virus that generated the e-mail but
it's still not clear how a virus could find the admin account to post to
this list.  Any ideas?

Thanks in advance.

...Wes

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
Wes Anderson, Wescath Solutions
per Canadian Pharmacists Association
Tel: 613-523-7877 ext. 228
CPhA: [log in to unmask] <mailto:[log in to unmask]>
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM