[BALUG-Admin] Spamtraps and http://www.uceprotect.net/en/rblcheck.php?ipr=96.86.170.229

Rick Moen rick@linuxmafia.com
Tue Jul 26 02:25:07 UTC 2022


Michael, here's the thing that worries me, and the reason I concentrated 
on getting as much junk as possible out of the subscriber rosters.  In a
word, spamtraps.  Spamtraps already subscribed, and still subscribed.

http://www.uceprotect.net/en/rblcheck.php?ipr=96.86.170.229 , as an
example of the (several) remaining DNSBL entries, says:

  What does it mean to be listed at the UCEPROTECT-Level 1?
  It means abusive activity was seen from IP 96.86.170.229 directly within
  the last 7 days.

  Concrete allegation:
  IP 96.86.170.229 tried to deliver mail to spamtraps.

_If_ bogus subscriptions have been allowed in the past, then one or more
of the subscriptions, to one or more of the four BALUG mailing lists, 
almost certainly are still spamtraps -- unless I lucked out and pruned
them in my recent work.

SO:  The above-cited URL permits "express delisting" from the cited
DNSBL -- with the caveat that if we haven't fixed the underlying
problem, we'll soon get relisted.

I would invite you to look over the situation, then tell me your
thoughts about how/whether we can tell that we aren't going to get bogus
subscriptions (without 3-way handshake) going forward, and that we don't
have any spamtrap addresses remaining in the rosters.

Worst case, if we're pretty sure that bogus subscriptions _have_ been
possible, but we've scotched that, e.g., with the mm_cfg.py secret key
for subscription forms, then we might have to bite the bullet and
require all existing subscribers to re-confirm their desire to be
present.




More information about the BALUG-Admin mailing list