Dear friend,

Sun Oct 19 23:47:47 BST 2008

On 19 Oct 2008, at 23:29, David Cantrell wrote:

> On Sun, Oct 19, 2008 at 08:11:12AM +0100, Jonathan Stowe wrote:
>> On Sat, 2008-10-18 at 14:27 +0100, Martin A. Brooks wrote:
>>> Jonathan Stowe wrote:
>>>> Anyone know a good way of stopping joe-jobbed spam which doesn't  
>>>> involve
>>>> spf and stuff ?
>>> Don't have a catchall.
>> That doesn't solve the particular problem here.  You lot don't see  
>> most
>> of the spam that gets sent to london.pm.org because it never gets  
>> past
>> the mailling list software, someone goes in an deletes it all every  
>> once
>> in a while.  However in this case the spam was sent as coming from
>> someone who was subscribed to the list thus goes straight through.
>> Apparently this kind of thing can be caused by a potential XSS
>> vulnerability in gmail so might become more common.
>
> So we just unsub everyone using gmail. Problem solved.

What about the people who don't use the UI?

-- 
Dave Hodgkinson                                MSN: davehodg at hotmail.com
Site: http://www.davehodgkinson.com                   UK: +44 7768  
490620
Blog: http://davehodg.blogspot.com                    NL: +31 654 982906
Photos: http://www.flickr.com/photos/davehodg