--On Monday, February 24, 2003 2:28 AM -0800 J C Lawrence <claw @
> On Mon, 24 Feb 2003 04:57:35 -0500
> Tom Neff <tneff @
>> I spam protect my lists by making them members only. Simplest most
>> effective technique I've found.
> I found that header forging virus, and the newer trend toward header
> forging spam were getting mail onto my member-sonly lists. Not often to
> be sure -- no more than a few per month -- but that was more than enough
> for me (and this was a year ago; I suspect the situation is worse now).
I guess I should add that I also either strip attachments or block on them,
depending on the list, so there's never an actual infection. Like JC, I
never actually saw more than a couple of successful (tho harmless) forged
postings from infected members.
I think this is because of the way the "reinfector" works: on most of these
worms, it pulls someone else's From: address at random, AND a To: address at
random, from the address book or message spool. Except perhaps with really
clubby cliquey exclusive listnerds :) it would seem that the likelihood of a
successful "matchup" this way - i.e., the randomly chosen To: address is that
of a listserv, and the randomly chosen From: address happens to be in that
listserv's roster - is fairly low. Most of the time, if the listserv address
is picked for To:, the From: will be garbage or some other random friend
who's not a member, so the members-only criterion stops the posting.
The biggest problem with members-only lists is that people keep changing
their friggin' addresses, or having Systems Support change them for them