LSTOWN-L Archives

LISTSERV List Owners' Forum

Hal Keen <[log in to unmask]>
Thu, 7 Dec 2006 11:10:22 -0600
> Alternatively, I have observed that these messages do appear if the
> "All Moderators" option is checked in the Moderation option on the web
> interface - they are not totally lost, so a list owner/moderator who
> wants to minimize spam back-scatter but not completely lose access to
> non-subscriber postings can apply this edit, and scan through the
> awaiting-moderation list to pick them out.

But these are messages that have not yet received the non-member
confirmation, and they shouldn't be presented to moderators at all. That
sounds like a bug. Is it safe to build a configuration that relies on it?

> And I have a somewhat related question for the group.  We have one
> particular list that has *always* been configured with Confidential= Yes
> in the header (I'm the site admin, and this one has required close
> attention from the start), but is receiving a dozen or so incoming spam
> messages a day.  The mystery for me is how did this list address come to
> appear in spammer databases, and I will appreciate the collective wisdom
> here on that question.

The most obvious routes to exposure are:
(1) someone posted a link to the list on a website, and it got harvested;
(2) someone posted a subscription link, and it got harvested by someone who
made the effort to derive the list address;
(3) some subscriber got a virus that picked up the list address and used it
as a spoofed "From:" address when trying to propagate itself, and that fell
into the wrong hands; or
(4) someone archived list email publicly, or forwarded list email to some
other list that archived it publicly, etc.

I've also had an owner-address tortured with spam, apparently after someone
stole a system dump and made it available for misuse.

I'm a bit fanatical about keeping my lists from becoming too well known: I
use throwaway addresses for Sender= (a frequent source of information for
spammers) and published links to me, and script-scramble all published links
for subscribing, unsubscribing, etc. (If the user doesn't support/allow
Javascript, they get an email link to my throwaway address, and I'll take
care of their problems personally.)

These measures might become more vital now because we just had to turn off
our spam scans, which recently decided that anything from Japan was
"unacceptable" even if it came from a longstanding participant.

Hal Keen
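
The script-scrambled links with a no-JavaScript fallback described in the message above, as an added example that is not part of the original post and not the poster's own script. The addresses, list name, element id and offset encoding are constructed assumptions.

```javascript
// Added example: constructed addresses and a simple offset encoding,
// not the scheme used by the poster.

// Encode each character as its code plus a rolling offset, so the real
// address never appears literally in the page source.
function scramble(text, key) {
  return Array.from(text, (ch, i) => ch.charCodeAt(0) + key + i);
}

// Inverse of scramble(); mirrors the loop emitted into the page below.
function unscramble(codes, key) {
  return codes.map((n, i) => String.fromCharCode(n - key - i)).join("");
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Build the markup for one published link. Browsers running JavaScript get
// the real mailto: target; everyone else gets the throwaway address.
function buildLink(id, mailto, label, fallbackAddress, key) {
  const codes = JSON.stringify(scramble(mailto, key));
  const safeLabel = escapeHtml(label);
  const decoder =
    `(function(){var c=${codes},h="";` +
    `for(var i=0;i<c.length;i++)h+=String.fromCharCode(c[i]-${key}-i);` +
    `var a=document.createElement("a");a.href=h;` +
    `a.innerHTML=${JSON.stringify(safeLabel)};` +
    `document.getElementById(${JSON.stringify(id)}).appendChild(a);})();`;
  return [
    `<span id="${escapeHtml(id)}"></span>`,
    `<script>${decoder}</script>`,
    `<noscript><a href="mailto:${escapeHtml(fallbackAddress)}">${safeLabel}</a></noscript>`,
  ].join("\n");
}

// Constructed sample values (hypothetical list and host names).
const SUBSCRIBE = "mailto:listserv@lists.example.org?body=SUBSCRIBE%20EXAMPLE-L";
const html = buildLink("sub-link", SUBSCRIBE, "Subscribe", "helpdesk-2006@example.net", 7);
console.log(html);
```

This only stops harvesters that read page source without executing scripts, and the fallback address stays visible by design, which is why it should be a disposable one.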
