LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: A list that accepts mail from anyone?

Paul Russell <[log in to unmask]>

Wed, 20 Dec 2006 17:08:55 -0500

text/plain (28 lines)

On 12/20/2006 15:26, Valdis Kletnieks wrote:
> On Wed, 20 Dec 2006 14:38:10 EST, Jeff Kiesel said:
>> It's internal, it should be OK.  It still just feels wrong though...
> 
> Famous last words. :)
> 
> A while ago, we had a list of about 3,000 people (all internal, mostly
> students).  It was set to *one* person being able to post to it.  And then
> a worm came along, scraping addresses to put in the From and To fields.
> 
> And at least 40 or 50 times, on a dozen different machines, the worm found the
> listname, stuck it in the To:, found the one authorized person, stuck that in
> the From:, and it's off to the races.  (Of course, the dozen source machines
> were all used by subscribers, so they had postings lying around that had the
> person and list in From:/To:, ready to be scraped...)
> 

This is why most of our announcement lists and some of our discussion lists are
configured to require confirmation on posting. It takes only one incident in
which spam is distributed to the list to convince the list owner that it is well
worth the extra effort.

-- 
Paul Russell, Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame
[log in to unmask]

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM