0

I administer a few moderate traffic mailing lists. I'm starting to get reports from list members about spam being sent to them after they post to a list. I've been sent a couple of these spam messages with full headers. Looking at these headers, I found that the spammer was pulling the From:, Subject:, Thread-Topic:, and Thread-Index: headers from the list message, then used that info to send spam directly to the poster. (Please note, the spam does not flow through our list server; it's sent directly to the poster's address.)

Because the Thread-Topic: and Thread-Index: values were included in the spam, I suspect that the spammer is getting access to the mail directly and not scraping the web archives or RSS feeds (since those headers aren't available in the archive or RSS feeds).

  1. Is there anything we can do to stop this spam? We're using Mailman. Converting these lists to anonymous lists isn't an option. We have list posting tied to list membership, but anyone can subscribe to the lists, as long as the subscribe confirms their email address.
  2. If we're unable to stop the spam outright, any suggestions about how to find which subscriber's feed is being used to feed the spammer? It's not a great option, but at least we can temporarily stop the spammer's source.

Thanks, Pete

Sigsegv
  • 101
  • 2
  • Can you post the full header of email sent by your spammer? – masegaloeh Apr 14 '15 at 22:15
  • No, I can't really. We looked into the domain of the spammer and looked up the SOA for the delegation to that domain. Contacted the registrars, but don't expect much. Also looked into the IP of the mail server that handed off the spam to the posters' mail systems. It was the same IP in both cases, so we contacted the service provider. Maybe one of these will put the spammer down for a couple minutes. *sigh* – Sigsegv Apr 17 '15 at 20:27

1 Answers1

3

Facing the same issue. The mailing list ‘mailman-users’ suggests:

[…] add an address IN A DOMAIN YOU CONTROL in a X-[something] header (or perhaps a Cc header) that is unique to each recipient so that when you get mail to that address, you've identified your problem user.

Alexander Traud
  • 31
  • 2
  • Thanks, Alexander. I had forgotten that I posted this a few years ago and came upon it again as I am again looking for how to handle this same issue. I'll have to read up on that thread to see if anyone has a good suggestion for how to handle this issue. – Sigsegv Apr 21 '21 at 20:39