Mailing lists and Demo site

Thomas Bruederli roundcube at
Sun Jan 1 20:52:35 CET 2006

Hi Robert,

The information I got from the logs tells me that the spam mail was sent 
manually by copying several hundreds of e-mail addresses to the bcc field.

I think it's very hard to use RoundCube for automatic/scripted spam 
sending because you need to have a valid session which is checked by a 
cookie and the session hash within the URL. After sending a message, you 
have to reload the compose page to get a new "sending session". Of 
course one could write a script doing right that but it would be very 
complicated and you could also write it for GMX or Hotmail accounts.

I planned to add some spam-protection functions such as a limit for 
recipients and checking the time since the last message was sent.


Robert Copelan wrote:
> Thomas,
> Was the demo site being used to manually send spam
> mail or was it being used by an automatic program?  If
> an automatic program, are there steps we should take
> with our existing installations to reduce the
> possiblity of spam?
> Regards/MfG,
> Robert

More information about the Dev mailing list