spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] Malicious subscriptions of innocent bystanders to the SPF mailing lists -- moving the lists away from Listbox?

2006-07-19 03:05:39
from [Julian Mehnle] [Permanent Link] 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andy Bakun wrote:

Uh, I'm getting bounce messages like the following when I send a message
to the list...
[...]

Can someone take care of this and unsubscribe these addresses, which are
obviously other mailing lists?  I only ever sent both of my recent
messages to spf-discuss(_at_)v2(_dot_)listbox(_dot_)com (sorry I had to post 
this, I
don't see a quick way to send a message to list owners on listbox).


(The list owner address generally is 
<listname>-owner(_at_)v2(_dot_)listbox(_dot_)com(_dot_))

I must admit it is probably my fault in part.  I am continuously monitoring 
the weekly subscription reports for all the SPF lists.  Innocent 
bystanders' e-mail addresses (such as ...@(service.)paypal.com) are being 
subscribed to some of the lists regularly by anonymous idiots thanks to a 
vulnerability in the listbox.com software (which I won't go into in 
detail).  Up to a few days ago, I had always marked those addresses 
as "post-only" and "posting denied".

The last reports again made me aware that some other mailing lists had been 
maliciously subscribed to spf-discuss, but I have become sick of working 
around this stupid Listbox security hole.  I'll try notifying the Listbox 
staff about it one more time, but if they don't manage to fix it soon, I 
hereby propose that we move the lists off the Listbox system.

In that case we would need a new host.  spf-discuss currently has roughly 
1k subscribers, spf-help has ~1.5k, the rather inactive spf-announce has 
~4.4k, and the other lists (spf-devel, spf-council, etc.) are either very 
inactive or have << 1k of subscribers (or both).  Could anyone host those 
lists using Mailman (or another user-friendly MLM) in the case that we 
can't get Listbox to fix itself?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEvfm7wL7PKlBZWjsRAnx+AKCRxInmfsrlfPHvFWF+x3WWH7ujYwCfcGHD
4T4wuBx4AlWiMkganMBSApE=
=OEYB
-----END PGP SIGNATURE-----

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] mailing lists subscribed to spf-discuss?!?, wayne
Next by Date:  [spf-discuss] Article mentioning SPF...., Boyd Lynn Gerber
Previous by Thread:  Re: [spf-discuss] mailing lists subscribed to spf-discuss?!?, wayne
Next by Thread:  Re: [spf-discuss] Malicious subscriptions of innocent bystanders to the SPF mailing lists -- moving the lists away from Listbox?, Koen Martens
Indexes:  [Date] [Thread] [Top] [All Lists]