The mailing list for listmasters using Sympa

[dmacdoug <address@concealed>]

On Tue, Nov 16, 2004 at 05:47:27PM +0000, Nick Holden wrote:
> I've had a complaint from a subscriber to a private list that their
> email address has been spammed following subscription to a list on my
> sympa server.
> 
> The email address, they say, was unique to their subscription request,
> so there's nowhere the spammers could have got to it, except by either
> sending spam to the list (no-one else has complained, I didn't see any,
> and the archive doesn't show any) or by the spammer somehow accessing my
> sympa MySQL database. Is there any experience or suggestion that such
> things might have happened elsewhere? I see no evidence of it, but this
> one user is adamant.
> 
> Thanks for any suggestions,
> 
> Nick
> -- 
> Nick Holden <address@concealed>
> 

It would bear evaluating how absolutely secret the email address may have
been.  I have never had any address that I have created on my own server be
spammed unless I let the address out, but I created a yahoo email account a
while back and never used it to send or receive any email to or from anyone
except myself, to test a new email system of my own, and within a short
while of creating it, it was receiving spam.  I would assume that spammers
have accomplices within Yahoo and the other public email companies who give
them new addresses.  So unless this subscriber created the address on his
own private system, there may be alternate mechanisms by which the address
could be acquired.  

Regards,

Don MacDougall
address@concealed