The mailing list for listmasters using Sympa

[Adam Bernstein <address@concealed>]

> We've had a couple instances in the past here at Duke, where third
> parties have scraped our publicly visible list of lists
> (https://lists.duke.edu/sympa/lists) and then gone through and used
> automated tools to attempt to subscribe themselves to each list there (a
> lot of which do allow open subscription).

This may not be the answer you're looking for, but IMHO you should solve 
this problem and various others by simply disallowing any open (ie. no 
auth/confirmation required) subscriptions.  All unauthenticated 
subscribe requests should require subsequent confirmation by the user 
anyway, to avoid spurious subscriptions resulting from spam, viruses, 
errors, malicious activity, etc.  You'll have to either change the 
setting on existing lists with open subscriptions or "override" it by 
linking the subscribe.open scenario file to, say, the subscribe.auth 
file instead, but neither one is very difficult.

That's my 2 centimes.  Or did I misunderstand something?

     adam