Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Sub: best thing on the internet
- Date: Sat, 28 Aug 2004 21:29:01 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: Re: [tlug] Sub: best thing on the internet
- References: <F21A09F8.4BD3A77@example.com><20040827182636.6eeed4de.gstewart@example.com><20040828045300.GQ14400@example.com><20040828105002.04776b74.gstewart@example.com>
- Organization: The XEmacs Project
- User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.5 (chayote, linux)
>>>>> "Godwin" == Godwin Stewart <gstewart@example.com> writes:
Godwin> On Fri, 27 Aug 2004 21:53:00 -0700, Jonathan Byrne
Godwin> <jq@example.com>
Godwin> wrote:
>> Someone please, please, please tell me that Smartlist can't be
>> fooled into letting a post through by addressing it to
>> listmaster.
Godwin> What I assume happened is that the spammer used the From:
Godwin> address of someone who *is* subscribed to the TLUG mailing
Godwin> list in order to jump over that particular hurdle, and
Godwin> that the SMTP "RCPT TO:" address differed from the DATA
Godwin> "To:" address. So, in effect, the mail *was* sent to
Godwin> tlug@example.com by Bcc: (typical spammer trick, as you know).
In fact, it was the (fake?) spammer address that was subscribed
according to Jim Tittsler on tlug-admin.
However, the particular trick you are talking about has been used to
fool at least emacs-devel, python-dev, and mailman-developers into
accepting spam from the head maintainers (rms, Barry Warsaw, and Guido
van Rossum respectively). I haven't seen any to XEmacs from me, yet.
I guess that means I'm not famous enough. :-) Both auto-subscribes
and stealing subscriber identities are easily automated if the lists
are googlable/searchable from the home page. Auto-subscribe can be
done blind since most lists use the $LIST-request and/or
$LIST-subscribe aliases for such requests.
I'm told that the most effective way to stop spam on python-dev (based
on Bayesian learning scores) was to have the word "python" in the body
of the message. Maybe if we don't allow any posts that don't mention
"Tokyo" and "linux"? :-)
--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
- Follow-Ups:
- Re: [tlug] Sub: best thing on the internet
- From: Godwin Stewart
- Re: [tlug] Sub: best thing on the internet
- From: Scott Robbins
- Re: [tlug] Sub: best thing on the internet
- References:
- [tlug] Sub: best thing on the internet
- From: cyril moorehead
- Re: [tlug] Sub: best thing on the internet
- From: Godwin Stewart
- Re: [tlug] Sub: best thing on the internet
- From: Jonathan Byrne
- Re: [tlug] Sub: best thing on the internet
- From: Godwin Stewart
- [tlug] Sub: best thing on the internet
- Prev by Date: Re: [tlug] Sub: best thing on the internet
- Next by Date: Re: [tlug] Sub: best thing on the internet
- Previous by thread: Re: [tlug] Sub: best thing on the internet
- Next by thread: Re: [tlug] Sub: best thing on the internet
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |