On 2016-05-24 15:30, Michael Wise via mailop wrote:
If someone has a better idea how to keep mailinglist software like MailMan from being co-opted into such an attack, I would LOVE to hear it.
I think the obvious approach would be to move back to listname-subscr...@example.com requests, but require subscription requests to either have valid SPF, DKIM, or some matching of MX/rDNS/something to indicate it might be legitimate.
But of course this would require users to actually want to join lists enough to take action, and we can't have friction.
-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
