[EMAIL PROTECTED](Seth, Wayne (Contractor)) 20.03.03 07:21
>Joshua, >The spam comes both ways. I searched and the last three spams went totally normally to "amanda-user" Be cause i never mail with my subscription address to any mailing list i can be quite sure that the database is not in the hand of spammers. Just look if all emails had the same return path. (not reply to/from) >In all cases so far, the message part is in >several foreign languages, so probably not from one source. >My feeling is that somehow the spammers have gotten into to amanda >user-list database and are using it directly. No. Possible but rediculess. That would be much too "expensive" for the spammers. Rule 1: Spammers are dangerous, stupid and lazy. To stop littering on the list there are 2..3 ways: 1) make the list "closed" so that only people who subscribed can mail. Reject mails of not subscribers (bouncing is no good idea, but better than discarding.) 2) Use spamassin or other bogos filters. (That may give lot of trouble if you are open to chinese too..) 3) allow only PGP sigend eMails, verified To avoid direct spam to my subscription address, i currently have to use a little trick (because the list software have no otehr way currently to "cloak" from-address). I subscribe twice: One subscription is on holidays since approx. 2032 (some list software are not 2032 proof). That address is used to mail to the list. The other address gets all mails from the list. I would recommend the list owner to make the list "closed". To avoid spam it is completely sufficient to have no "confirmed opt in". But of cause there are other _good_ reasons to use confirmations. If he as time, he may confirm the subscriptions on his own or let the robot do it automatically. The entry to the subscription robot should be RBL filtered, so that open relays or proxies can't be used to make anonymous subscribes. (If there is no confirmation requested that is a must, IMHO).
