Talking about spam and stuff..

Adrian_Chadd2 · November 17, 1997, 2:28pm

Hmmsies..

$ cat /tmp/nanoglist | wc -l
2883
$

Ever since I subscribed to the list, I started to get spam. Which is
strange, this email accounts gets (a) staff email, (b) nanog email.
So a bit of snooping showed me that anyone can send the "who nanog" (or
"which nanog", I cant remember which one, I just sent both command
to nanog@merit.edu and lo and behold, the subscriber list came back.

So I'm asking the list admins to please disable the command, so spammers
can't just grab a user list.. and also, for people who run large email
lists, to consider doing the same.

Adrian

Daniel_Reed · November 17, 1997, 10:16pm

) Ever since I subscribed to the list, I started to get spam. Which is
) strange, this email accounts gets (a) staff email, (b) nanog email.
) So a bit of snooping showed me that anyone can send the "who nanog" (or
) "which nanog", I cant remember which one, I just sent both command
) to nanog@merit.edu and lo and behold, the subscriber list came back.
)
) So I'm asking the list admins to please disable the command, so spammers
) can't just grab a user list.. and also, for people who run large email
) lists, to consider doing the same.
I've received several pieces of UCE that, when looking at the headers (via
the h command in pine), appeared to be getting at me via this mailing
list. One of them, sent just yesterday or the day before, was relayed to
merit.edu via syr.edu, but syr.edu's mail transport agent didn't log the
IP or true hostmask of the site it got the message from. So, I contacted
postmaster@syr.edu and that person replied saying they had contacted the
appropriate persons in regards to fixing it.
To finish this, I think mayhaps it's a problem simply of having the list
propogate UCE itself, not of having spammers getting the list recipients.

J.D_Falk6 · November 17, 1997, 10:19pm

Making things worse, nanog@merit.edu is still open for anybody
  to post to, even if you're not subscribed. Many complaints
  have been registered with the listowners, but for some reason
  they've all been ignored.

Susan_Harris · November 17, 1997, 11:35pm

  Making things worse, nanog@merit.edu is still open for anybody
  to post to, even if you're not subscribed. Many complaints
  have been registered with the listowners, but for some reason
  they've all been ignored.

We're not able to limit posts to subscribers, as that would cut out the
many people who receive NANOG mail through exploders. --Susan Harris

Jon_Lewis · November 17, 1997, 11:55pm

That's a bit of a cop-out. Majordomo has for some time had the ability to
restrict posts to those addresses found in a list of files. Just add an
additional file for those who wish to be able to reply but read via
exploders.

restrict_post = nanog:nanog-digest:nanog-exploder

For the terminally lazy, just create a dummy list called nanog-exploder,
make it moderated, and allow open subscription to it. Anyone who wants to
read nanog via an exploder and be able to reply to nanog, or who wants to
be able to reply from multiple addresses subscribes to nanog-exploder.

This seems awfully simple...is there some drawback I've missed?