cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hunsberger, Peter" <>
Subject RE: E-mail account disabling warning.
Date Wed, 03 Mar 2004 19:27:36 GMT
Steven Noels <> writes:


> How can we defend ourselves from bots spamming the lists using 
> subscribed or allowed addresses...? Or do we need to actively 
> monitor/clean up stale entries in the allow list?

The same format of message also hit xml-dev this morning.  Again,
bounced through the list.  

Don't think you can really defend against. Nothing says that they just
won't use forged headers of a regular user.  You could try and verify
that the mail server corresponds to the sender domain but for people on
the road that likely ain't going to cut it.  Quarantining all
attachments (and forcing explicit download) might be workable?

I guess I'm going to have to stop using my regular e-mail address for
this kind of thing and start maintaining yet another mail box (5 so
far).  So far our virus checkers have caught all this stuff but sooner
or later someone's going to find a hole that doesn't rely on social
engineering and doesn't get caught by the filters...

View raw message