[Pkg-mailman-hackers] Bug#381042: mailman: subscription spam prevention

Paul Wise pabs3 at bonedaddy.net
Fri Aug 4 07:54:48 UTC 2006


On Fri, 2006-08-04 at 09:28 +0200, Lionel Elie Mamane wrote:

> >> How does it try to achieve that?
> 
> > On a per-list basis, it prevents the same email address from
> > attempting to subscribe more than once. It does this by checking the
> > request pickle and the confirmations pickle for the list and
> > searching them for the email being submitted. If it finds that the
> > email already has a pending-approval subscription or a to-be
> > confirmed subscription, then it discards the subscription attempt
> > and logs a message containing the list name, the email and the IP
> > address the HTTP request was sent from.
> 
> What if a legitimate user doesn't get the first subscription
> confirmation message, e.g. due to a transitory problem in his mail
> system, a false positive of an anti-spam check, ...?

That is a problem, in which case, the confirmation will expire and
eventually they will retry, hopefully getting the mail this time.

The main reason this patch was developed was for lists that only require
list admin approval, where the list admin was getting spammed with
hundreds of "please approve foo at bar.com" messages. IIRC, there was
evidence that on the confirmation lists, foo at bar.com was getting many
many emails.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-mailman-hackers/attachments/20060804/942f5bf0/attachment.pgp


More information about the Pkg-mailman-hackers mailing list