jerks using our mailman to spam people
There are repeated patterns, and repeated complaints especially lately, of jerks signing up "victim" addresses to dozens of mailing lists. In our case, the victims don't actually end up on the list, because they don't confirm the subscription. But they get dozens of "reply to confirm!" mails, which causes stress and confusion and anger.
/var/log/mailman/subscribe on eugeni is where the interesting info is.
You can see clear patterns of some jerk trying to subscribe target addresses to a half dozen Tor lists at once. It happens again and again and again.
Each request comes from a different address around the internet. It looks like a standard botnet. I hear from the victims that they're being subscribed to other non-Tor lists too, so we are just one piece of the mess.
One distinguishing pattern seems to be that their subscribe attempts come with a random two word name before the email address. "Who does that?"
We've handled (responded to) almost 55000 subscription attempts in May so far, and I'd wager that 90+% of them are malicious.
I imagine the primary goal is to harm the victims, but there is secondary harm, where eugeni ends up in more blacklists. And also many people have their first introduction to Tor being this abuse.
Maybe we can hack mailman to discard attempts that include a two-word name? Is there some way to moderate the subscription attempts? Do we even want that? Maybe we should disable email subscription interactions with mailman entirely?
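A triage sketch for the pattern described in this ticket, added here as an example and not taken from Mailman or from the Tor sysadmin tooling: it groups pending requests by target address and reports addresses requested on several lists under a two-word display name. The log line layout, the `min_lists` threshold and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from email.utils import parseaddr

# Constructed sample; the line layout is an assumption modeled on Mailman 2.1
# "pending" entries (timestamp, pid, list, requested address, source IP).
SAMPLE_LOG = """\
May 12 03:14:15 2016 (4021) tor-talk: pending Amber Quill <victim@example.org>  198.51.100.7
May 12 03:14:16 2016 (4021) tor-dev: pending Rusty Harbor <victim@example.org>  203.0.113.44
May 12 03:14:18 2016 (4021) tor-relays: pending Violet Anchor <victim@example.org>  192.0.2.19
May 12 03:14:20 2016 (4021) tor-announce: pending Copper Meadow <victim@example.org>  198.51.100.201
May 12 09:02:41 2016 (4021) tor-talk: pending alice@example.net  192.0.2.80
May 12 09:05:02 2016 (4021) tor-talk: new alice@example.net, via email confirmation
May 12 11:30:00 2016 (4021) tor-dev: pending Bob Example <bob@example.com>  203.0.113.9
"""

PENDING = re.compile(
    r"\(\d+\) (?P<list>[\w.-]+): pending (?P<who>.+?)\s+(?P<ip>[0-9A-Fa-f.:]+)$")

def parse_pending(log_text):
    """Yield (list, display name, address, source IP) per subscription request."""
    for line in log_text.splitlines():
        m = PENDING.search(line.strip())
        if m:
            name, addr = parseaddr(m.group("who"))
            yield m.group("list"), name, addr.lower(), m.group("ip")

def find_targets(log_text, min_lists=3):
    """Addresses requested on >= min_lists lists with a two-word display name."""
    seen = defaultdict(lambda: {"lists": set(), "ips": set(), "two_word": 0})
    for list_name, name, addr, ip in parse_pending(log_text):
        entry = seen[addr]
        entry["lists"].add(list_name)
        entry["ips"].add(ip)
        # A two-word name alone also matches ordinary users, so it is only
        # counted here and combined with the multi-list fan-out below.
        entry["two_word"] += len(name.split()) == 2
    return {a: e for a, e in seen.items()
            if len(e["lists"]) >= min_lists and e["two_word"] > 0}

if __name__ == "__main__":
    for addr, e in find_targets(SAMPLE_LOG).items():
        print(addr, sorted(e["lists"]), len(e["ips"]), "source IPs")
```

In the sample, a single-list request with a two-word name (`bob@example.com`) is not reported, which is the false-positive case a filter keyed on the name alone would hit.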