I suppose I shouldn't be shocked by this but it surprised me to receive
some spam sent with Mailman.
I have a folder for catching all mailing list mail that doesn't yet have
its own procmail rule. The catch-all procmail rule looks for anything with
a List-Id header and dumps it in ~/mail/Lists/Unknown. That reminds me to
add a new rule for a freshly-subscribed list.
Today I found spam in that folder, and it had legitimate-looking Mailman
headers. I figure SURBL will catch it quickly, but I find it troubling
that this is going to reduce the Bayes quality of List-Id headers over time.
Note that the recipient is one of my spam traps on my website,
"index_html". That tells me which page supplied the address. (If I used
dynamic pages I could even encode the time and IP address of the spider in
the spamtrap.)
The list headers point to what looks like a legitimate Mailman setup, and
the sending IP has SPF_PASS.
It wouldn't surprise me if some n00b spammer who wasn't 1337 enough to get
into the inner circle of spammers would turn to a legitimate tool to use it
for illegitimate purposes. You know, like a guy who can't buy a gun might
use a hammer to bludgeon someone to death. Mailman's quite efficient, and
would make a great spamming tool, except that it's not distributed, so all
the mail would come from a single IP that would get blacklisted pretty
quickly. I'll bet they even set it up so that any bounced messages were
removed from their mailing list right away.
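
The dynamic-page spamtrap idea mentioned in the post (encoding the spider's time and IP address in the trap address) could look like the sketch below. It is an added example, not part of the original post. The address layout, the function names, the key and the example.org domain are all assumptions, and it handles IPv4 only.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # assumption: secret held only by the web server
DOMAIN = "example.org"         # placeholder domain, not from the post


def _tag(page, payload, key):
    # Truncated HMAC so outsiders cannot mint addresses that decode cleanly.
    return hmac.new(key, page.encode() + payload, hashlib.sha256).digest()[:7]


def make_trap(page, spider_ip, ts, key=KEY):
    """Build a per-visit trap address for the page being served."""
    # 4 bytes IPv4 + 4 bytes Unix time + 7 bytes tag = 15 bytes = 24 base32 chars.
    payload = ipaddress.IPv4Address(spider_ip).packed + struct.pack(">I", ts)
    blob = base64.b32encode(payload + _tag(page, payload, key)).decode().lower()
    return f"{page}-{blob}@{DOMAIN}"


def parse_trap(address, key=KEY):
    """Return page/ip/ts for a genuine trap address, or None otherwise."""
    local = address.split("@", 1)[0]
    page, sep, blob = local.rpartition("-")
    if not sep or len(blob) != 24:
        return None  # e.g. a static trap such as index_html@...
    try:
        raw = base64.b32decode(blob.upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    payload, tag = raw[:8], raw[8:]
    if not hmac.compare_digest(tag, _tag(page, payload, key)):
        return None  # altered or forged address
    return {
        "page": page,
        "ip": str(ipaddress.IPv4Address(payload[:4])),
        "ts": struct.unpack(">I", payload[4:])[0],
    }


if __name__ == "__main__":
    addr = make_trap("index_html", "192.0.2.10", 1100000000)  # constructed sample
    print(addr, parse_trap(addr))
```

When mail arrives at such an address, parse_trap() recovers which page was harvested, from which IP and when; addresses that fail the tag check can be treated as guessed rather than harvested.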