On Wed, 2009-05-27 at 09:28 -0700, Robin H. Johnson wrote: > Lately we've been seeing a LOT of spam being sent to the mailing list > subscribe mechanism, with the side effect that the subscribe mechanism > responds to the From header address with a confirmation request. That > address (along with the envelope sender) are unfortunately forged. > > The volume of the confirmation requests is getting worse than direct > spams, because the spam filtering considers the confirmation requests to > be valid email (they would be, except for the fact they are > unsolicited). > > To combat this problem, I'd like us to consider switching the subscribe > mechanism for the mailing lists to be a web form (protected with > recaptcha). Unsubscribe will continue to be offered as an email action > for the moment, because it ignores the mail if the address was not > subscribed. Fine with me. I've been getting quite a few of these lately, and since I sometimes do subscribe to new lists, I have to look at them before discarding. Regards, Ferris -- Ferris McCormick (P44646, MI) Developer, Gentoo Linux (Sparc, Userrel, Trustees)