If your list is public, it is likely that you, a list owner, have received
targeted spam - there have been several reports thereof today.
Unfortunately, Mailman (the software we use for these lists) has been
around for some time, and as such scrapers know where to point their spam
All lists have a *listname-owner(a)lists.clarkson.edu
<listname-owner(a)lists.clarkson.edu>* address, so that users may contact the
list administrators. Anything received at this address is forwarded to the
users marked as list administrators. For public lists, this is easily
scrapeable and by extension an easy target.
I have implemented some more advanced filtering at a low level to hopefully
mitigate a larger percentage of this. Please do continue reporting any
dangerous-looking spam to the helpdesk, and we will make further changes to
*Here's what can be done on your end:*
- If your list does not need public access, make it private: Confluence
article on unlisting your list
- Reject mail sent to the *-owner* address with a notice: Confluence
- Keep your phishing training in mind - if an email looks suspicious, it
probably is. I can personally guarantee there are no prizes or law
enforcement coming for list owners at CU. Don't respond, follow links, or
Please feel free to reply to me with specific questions, or to use this
list for discussion with other list administrators that may benefit the
group - discussing a troublesome phishing email for example.
*This message is sent to all list administrators. Refer to the lists
server's Confluence section
guides on common tasks. *
Linux System Administrator
Office of Information Technology
This update will not change any existing functionality, but significantly improves the list administration + archives interfaces. All list owners should receive a link to this thread detailing how to use the new interface.