[Owasp-leaders] Massive spam problem on mailing lists?

Dirk Wetter dirk at owasp.org
Wed Feb 27 09:12:43 UTC 2019


Hi,

there seems to be another problem. Also on other biz and private
accounts I spotted more and more mails that seem to originate from the
recipient or a domain of the recipient. But as indicated they
are forged origins.

In mailman it should help to set this in Privacy options --> Sender filters,
variable ``discard_these_nonmembers``

^.*@lists\.owasp\.org$

Not choosing reject here as it'll bounce to our address.

Be careful with other patterns, e.g. ``accept_these_nonmembers``.
E.g. if you put in there .*owasp\.org you might override this (not
sure atm in which order the filters will be applied). If you want
all folks with an OWASP.org mail address to allow posting I would
recommend ^.*@owasp\.org$ (mind the "@") which doesn't conflict
with the list pattern.

@OWASP.org addresses as opposed to lists.owasp.org addresses should not
be possible to fake as we require authentication at our server to send those
e-mails AND Google used Domain Keys / aka DKIM for sender verification.
Means it should be safe to accept personal addresses like anyname at owasp.org .

Dirk


-- 
OWASP Volunteer
Send me encrypted mails (Key ID 0xD0A74569)
@drwetter
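
The pattern overlap described in the message above, as an added example that is not part of the original post and is not Mailman's own code. It assumes the filter entries are evaluated as case-insensitive Python regex searches; the sender addresses are constructed for illustration.

```python
import re

# Patterns quoted in the message above.
DISCARD = [r"^.*@lists\.owasp\.org$"]     # discard_these_nonmembers
ACCEPT_LOOSE = [r".*owasp\.org"]          # the pattern the message warns about
ACCEPT_ANCHORED = [r"^.*@owasp\.org$"]    # the recommended pattern (mind the "@")

# Constructed sender addresses, for illustration only.
SAMPLE_SENDERS = [
    "anyname@owasp.org",
    "owasp-leaders@lists.owasp.org",
    "AnyName@OWASP.org",
    "someone@owasp.org.example",
    "someone@notowasp.org",
    "someone@example.com",
]

def matches(sender, patterns):
    """True if any pattern matches (assumption: case-insensitive search)."""
    return any(re.search(p, sender, re.IGNORECASE) for p in patterns)

def audit(accept, discard, senders=SAMPLE_SENDERS):
    """Return (conflicts, accepted).

    conflicts: senders matched by both the accept and the discard filter, so
               the outcome depends on the order in which filters are applied.
    accepted:  senders matched by the accept filter only.
    """
    conflicts, accepted = [], []
    for sender in senders:
        in_accept = matches(sender, accept)
        in_discard = matches(sender, discard)
        if in_accept and in_discard:
            conflicts.append(sender)
        elif in_accept:
            accepted.append(sender)
    return conflicts, accepted

if __name__ == "__main__":
    for label, accept in (("loose", ACCEPT_LOOSE), ("anchored", ACCEPT_ANCHORED)):
        conflicts, accepted = audit(accept, DISCARD)
        print(f"{label:9} conflicts={conflicts} accepted={accepted}")
```

Running the same audit against a list's real filter entries before saving them shows whether any address falls into both filters.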


