Hi folks,

If your list is public, it is likely that you, a list owner, have received targeted spam - there have been several reports thereof today. Unfortunately, Mailman (the software we use for these lists) has been around for some time, and as such scrapers know where to point their spam bots.

All lists have a listname-owner@lists.clarkson.edu address, so that users may contact the list administrators. Anything received at this address is forwarded to the users marked as list administrators. For public lists, this is easily scrapeable and by extension an easy target.

I have implemented some more advanced filtering at a low level to hopefully mitigate a larger percentage of this. Please do continue reporting any dangerous-looking spam to the helpdesk, and we will make further changes to limit them.

Here's what can be done on your end:

If your list does not need public access, make it private: Confluence article on unlisting your list.
Reject mail sent to the -owner address with a notice: Confluence article
Keep your phishing training in mind - if an email looks suspicious, it probably is. I can personally guarantee there are no prizes or law enforcement coming for list owners at CU. Don't respond, follow links, or download attachments.

Please feel free to reply to me with specific questions, or to use this list for discussion with other list administrators that may benefit the group - discussing a troublesome phishing email for example.

This message is sent to all list administrators. Refer to the lists server's Confluence section for guides on common tasks.

Gavin Riggi

Linux System Administrator

Office of Information Technology

Clarkson University