[AccessD] Email spam risk <rant>

Francisco H Tapia my.lists at verizon.net
Fri Jan 31 10:41:41 CST 2003


Let me start with,  I think that the new MailMan engine is great, in fact
I'm subscribed on other lists that use this engine, and it's pretty good,
IIRC you can tell it now to block attachments thus overcomming one of the
shortcommings that the previous list had... :D, now I get to rant :D

**Did you know that your email address is exposed for the AccessD archives?
Visit
http://databaseadvisors.com/mailman/roster/accessd
Yes this is because the default setting is to make your email visible on the
roster list.  No worries though it's not like you can't remove your name
from the list, but the principal is the same.  The system autogenerates a
password for you, since you don't know it when you click on your email
address it will send you the link and your system created password in order
to let you change you options and you password as well.  Once in your user
options go to the section labled Conceal  yourself from subscriber list.
This in effect will hide your name from the main roster page that is visible
by any spam-bot picking up email addresses.  True the email address is not
displayed as "email at server.com" but 'email at server.com" is not too tought
for a spam-bot to clean up... so if you don't like your email address listed
publicly out on the worldwideweb run dont walk to change your user settings
http://databaseadvisors.com/mailman/roster/accessd

and by the look of things, hardly anyone cares or knows about this
vulnerability...

-Francisco
http://rcm.netfirms.com





More information about the AccessD mailing list