Subject: Re: [Fwd: EFF Mailing List Query]
From: Tom Neff <tneff @ grassyhill . net>
Date: Mon, 24 Feb 2003 11:26:16 -0500
To: list-managers @ greatcircle . com
In-reply-to: <19038 . 1046082505 @ kanga . nu>
References: <D2279798-47CE-11D7-AE70-0003934516A8 @ plaidworks . com> <3E59D69B . 9030708 @ queernet . org> <329192406 . 1046062655 @ [192 . 168 . 254 . 79]> <19038 . 1046082505 @ kanga . nu>

--On Monday, February 24, 2003 2:28 AM -0800 J C Lawrence <claw @ kanga .
> On Mon, 24 Feb 2003 04:57:35 -0500
> Tom Neff <tneff @ grassyhill . net> wrote:
>> I spam protect my lists by making them members only.  Simplest most
>> effective technique I've found.
> I found that header forging virus, and the newer trend toward header
> forging spam were getting mail onto my members-only lists.  Not often to
> be sure -- no more than a few per month -- but that was more than enough
> for me (and this was a year ago; I suspect the situation is worse now).

I guess I should add that I also either strip attachments or block on them,
depending on the list, so there's never an actual infection.  Like JC, I
never actually saw more than a couple of successful (tho harmless) forged
postings from infected members.

I think this is because of the way the "reinfector" works: on most of these
worms, it pulls someone else's From: address at random, AND a To: address at
random, from the address book or message spool.  Except perhaps with really
clubby cliquey exclusive listnerds :) it would seem that the likelihood of a
successful "matchup" this way - i.e., the randomly chosen To: address is that
of a listserv, and the randomly chosen From: address happens to be in that
listserv's roster - is fairly low.  Most of the time, if the listserv address
is picked for To:, the From: will be garbage or some other random friend
who's not a member, so the members-only criterion stops the posting.

The biggest problem with members-only lists is that people keep changing
their friggin' addresses, or having Systems Support change them for them
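
Added example, not part of the original message or of any list software discussed in the thread: a sketch of the two controls described above, a members-only check on From: followed by stripping or blocking attachments. The function name `moderate`, the policy values, the roster and all sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ROSTER = {"alice@example.org", "bob@example.org"}  # constructed roster

def moderate(raw, roster, attachment_policy="strip"):
    """Return (decision, kept_text_bodies) for one incoming posting."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in roster:
        return "reject-nonmember", []
    # From: is unauthenticated, so a forged member address reaches this point.
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    text = [p for p in leaves
            if p.get_content_type() == "text/plain" and p.get_filename() is None]
    if len(text) < len(leaves) and attachment_policy == "block":
        return "reject-attachment", []
    # "strip" policy: only plain-text bodies are passed on to the list.
    return "accept", [p.get_payload() for p in text]

# Constructed sample postings.
PLAIN = "From: Alice <alice@example.org>\nTo: list@example.org\n\nhello list\n"
NONMEMBER = "From: carol@example.net\nTo: list@example.org\n\nhello\n"
FORGED_MEMBER = """\
From: bob@example.org
To: list@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

see attached
--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="doc.bin"
Content-Transfer-Encoding: base64

QUJD
--B--
"""

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("nonmember", NONMEMBER),
                      ("forged member", FORGED_MEMBER)]:
        for policy in ("strip", "block"):
            print(name, policy, moderate(raw, ROSTER, policy))
```

The forged-member case shows why the second control matters: the roster check alone accepts it, and the attachment policy is what keeps the payload off the list.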

