[libvirt-users] is this mailing list active? i am seeing low activity and am receiving spam

Hi Folks: Is this mailing list active? It seems to have pretty low activity and I have received several spam messages since signing up. Regards, Joe

I withdraw the question. Clearly this mailing list is active and helpful but the spam thing is a concern. It seems like someone might have hijacked the list OR I may have a local intrusion that cropped up about the same time. Regards, Joe From: Joe Linoff Sent: Monday, November 05, 2012 11:52 AM To: libvirt-users@redhat.com Cc: Joe Linoff Subject: is this mailing list active? i am seeing low activity and am receiving spam Hi Folks: Is this mailing list active? It seems to have pretty low activity and I have received several spam messages since signing up. Regards, Joe

On 11/05/2012 12:56 PM, Joe Linoff wrote:
I withdraw the question. Clearly this mailing list is active and helpful but the spam thing is a concern. It seems like someone might have hijacked the list OR I may have a local intrusion that cropped up about the same time.
Unfortunately, a spammer has subscribed to the list and is harvesting all email addresses appearing in list traffic, and then sending private, and rather offensive, responses while reusing subject lines from the list. The list itself is not sending spam. It is a recent and very unfortunate development, in about the last week, and rest assured that the list admins are trying to figure out who to unsubscribe to quit the harvesting of email addresses, although that won't help if your address was already harvested. This is not the only list hit; many open source lists have reported the same issue in the last week. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org

Hi Eric: Thank you for the explanation. That is extremely unfortunate. Please let me know if there is anything I can do to help. Regards, Joe -----Original Message----- From: Eric Blake [mailto:eblake@redhat.com] Sent: Monday, November 05, 2012 12:04 PM To: Joe Linoff Cc: libvirt-users@redhat.com Subject: Re: [libvirt-users] is this mailing list active? i am seeing low activity and am receiving spam On 11/05/2012 12:56 PM, Joe Linoff wrote:
I withdraw the question. Clearly this mailing list is active and helpful but the spam thing is a concern. It seems like someone might have hijacked the list OR I may have a local intrusion that cropped up
about the same time.
Unfortunately, a spammer has subscribed to the list and is harvesting all email addresses appearing in list traffic, and then sending private, and rather offensive, responses while reusing subject lines from the list. The list itself is not sending spam. It is a recent and very unfortunate development, in about the last week, and rest assured that the list admins are trying to figure out who to unsubscribe to quit the harvesting of email addresses, although that won't help if your address was already harvested. This is not the only list hit; many open source lists have reported the same issue in the last week. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org

On 11/05/2012 01:11 PM, Joe Linoff wrote:
Hi Eric:
Thank you for the explanation. That is extremely unfortunate.
Please let me know if there is anything I can do to help.
At this point, the spammer seems to be using a new address for each spam sent (and not the one by which they subscribed); and so far, among the spam I have received, I have had senders claiming both hotmail.com and gmail.com addresses. Which really doesn't narrow down how to pick out the offender from the set of list subscribers. We might consider moving to a stronger policy of moderated subscriptions (where you have to wait for moderator approval before you can subscribe instead of the current policy of anyone can subscribe). Note that you would still be able to post without subscribing (this has always been the case), and that most list readers use reply-all so that even non-subscribers don't get dropped from a conversation. Also note that the list archives are browsable online, so even if subscription becomes moderated, that still does not prevent you from reading older conversations while waiting for your subscription to activate. What do list readers think of the idea of altering list policy in this manner? It would reduce the likelihood of future harvesting attacks, but it won't do much for the current attack situation, and adds a hoop to jump through which might be the last straw for a legitimate reader in forming their opinion on whether or not to use libvirt. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
participants (2)
-
Eric Blake
-
Joe Linoff