On 11/05/2012 01:11 PM, Joe Linoff wrote:
Hi Eric:
Thank you for the explanation. That is extremely unfortunate.
Please let me know if there is anything I can do to help.
At this point, the spammer seems to be using a new address for each spam
sent (and not the one by which they subscribed); and so far, among the
spam I have received, I have had senders claiming both
hotmail.com and
gmail.com addresses. Which really doesn't narrow down how to pick out
the offender from the set of list subscribers.
We might consider moving to a stronger policy of moderated subscriptions
(where you have to wait for moderator approval before you can subscribe
instead of the current policy of anyone can subscribe).
Note that you would still be able to post without subscribing (this has
always been the case), and that most list readers use reply-all so that
even non-subscribers don't get dropped from a conversation. Also note
that the list archives are browsable online, so even if subscription
becomes moderated, that still does not prevent you from reading older
conversations while waiting for your subscription to activate.
What do list readers think of the idea of altering list policy in this
manner? It would reduce the likelihood of future harvesting attacks,
but it won't do much for the current attack situation, and adds a hoop
to jump through which might be the last straw for a legitimate reader in
forming their opinion on whether or not to use libvirt.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org