On 05-Sep-17 10:55, Ian Kelling wrote:
> There is at least one very major mail provider where
> joe+any_string@domain goes to the inbox of joe by default, allowing bad
> people to get my mailman instance to send many subscription mails to
> joe+random_string@domain, messing up joe's inbox, because mailman just
> sees different addresses. Can mailman stop doing this? If not, I'm open
> to an exim rule to block or at least rate limit mailman from doing this
> too.

This is correct behavior by both the mail service provider and by mailman.

The way to address the anti-social behavior described is to implement a captcha, which will effectively rate-limit subscription requests by bad actors - usually to close to zero. This has been discussed recently on this list.

> Also, is there a way to rate limit subscription requests even for the
> exact same email address? For example, don't allow someone to subscribe
> to list b if they have > 5 unconfirmed subscription requests in the last
> day?

I don't think so, but others more expert may respond. If not, it seems like a reasonable feature request for MM3.

But a captcha will probably have the effect that you want. I use reCAPTCHA (now hosted by Google). It seems to stay ahead of the captcha-solver bots most of the time. It's important to choose one that is accessible to people with disabilities.

> --
> Ian Kelling | Senior Systems Administrator, Free Software Foundation
> GPG Key: B125 F60B 7B28 7FF6 A2B7 DF8F 170A F0E2 9542 95DF
> https://fsf.org | https://gnu.org
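
The per-mailbox limit asked about in the quoted message, sketched as an added example; it is not part of the original thread and is not Mailman code. The names `canonical_mailbox` and `SubscriptionLimiter` are hypothetical, and it assumes the recipient's provider treats `+tag` as a subaddress and ignores case in the local part.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60   # "in the last day", from the quoted question
MAX_PENDING = 5                 # figure taken from the quoted question


def canonical_mailbox(address: str) -> str:
    """Collapse joe+any_string@domain to joe@domain (assumes '+' subaddressing)."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {address!r}")
    base = local.split("+", 1)[0] or local   # keep a local part that is only "+tag"
    return f"{base.lower()}@{domain.lower()}"


class SubscriptionLimiter:
    """Sliding-window count of unconfirmed requests per canonical mailbox."""

    def __init__(self, limit=MAX_PENDING, window=WINDOW_SECONDS, clock=time.time):
        self.limit, self.window, self.clock = limit, window, clock
        self._pending = defaultdict(deque)   # mailbox -> request timestamps

    def allow(self, address: str) -> bool:
        """Record a request; return False once the mailbox is at the limit."""
        box, now = canonical_mailbox(address), self.clock()
        stamps = self._pending[box]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()                 # expire requests older than the window
        if len(stamps) >= self.limit:
            return False                     # do not send another confirmation mail
        stamps.append(now)
        return True

    def confirmed(self, address: str) -> None:
        """A confirmed subscription clears that mailbox's pending count."""
        self._pending.pop(canonical_mailbox(address), None)
```

Because the key is the canonical mailbox, requests for joe+a@domain and joe+b@domain count against the same window, while unrelated addresses are unaffected.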