[Mailman-Developers] Interesting study -- spam on postedaddresses...

Chuq Von Rospach chuqui@plaidworks.com
Wed, 20 Feb 2002 10:15:33 -0800


On 2/20/02 9:31 AM, "Jay R. Ashworth" <jra@baylink.com> wrote:

> But I still think it's important to keep firmly uppermost in our minds
> here that the spam is not *caused* by the mailing list.
> 
> Nor is it caused by Google
> 
> It's *caused* by the spammers.

And burglary is not caused by my owning nice things, either. It's caused by
burglars. But that's no excuse to not put locks on the doors.

> I realize that we have practical considerations to deal with which are
> much closer to our feet, but I think that it's quite important that we
> don't lose sight of the forest for the trees.

See, here's our disagreement here. You're saying "put the damn burglars in
jail already!" and I'm saying "I agree, but until that's done, I still think
I'm installing that deadbolt on the front door".

You're right, Jay, but does being right matter? Unless you know how to stop
the spammers, it's a Pyrrhic victory -- because it does nothing to protect
yourself from the spammers.

Even with a good deadbolt, burglaries still happen. Is that an excuse not to
put the deadbolt on in the first place? No.

> I personally can't think of any method of programmatically obscuring
> email addresses that can't be programmatically reversed.

Have you seen what slashdot is doing? I think it has promise, because while
it's still reversible programmatically, it makes it much more difficult to
do. Will they still get harvested? Most likely. But not nearly as quickly as
most other sites, and it's going to make the spambots crazy trying to eat
each page looking to figure out if it knows which obfuscation to
de-obfuscate. 

But I've been thinking about this, and I want to throw a couple of ideas
out. I'm speaking just of the admin-access issue, not archives.

Admin-access has three components to it, all in conflict.

1) The list admin needs to be accessible to everyone, not just subscribers.

2) the list admin shouldn't be an open target to spam.

3) Someone has to be accessible for problem reports even if the Mailman
system is malfunctioning.

That third point is a bit of a shift. I've come to the thought (and we can
argue it) that LIST admins don't need to be accessible if MAILMAN fails. The
MAILMAN admin does. And I think the chances are good that the MAILMAN admin
is more likely than not also the person who gets abuse@, root@, postmaster@,
so the SITE admin mailbox is already wide open to all these idiots. Making
it wide open to mailman spam simply isn't significant.

That, basically, allows us to stuff mailtos somewhere pointing to an address
you can mail to to report site failures. I'll even go farther and say that
address can simply be on a web page, not linked to a Mailto, and if you
really, really want, obscure it further as a JPG or something. But I think
that's all overkill, given that spammers now automatically spam
root/postmaster/etc on domains anyway.

That takes care of the "access in case of failure" mode, mostly by, frankly,
simply anointing ONE person (the site admin) as "it" for open access. Not
great, but it's sure better than making all admins deal with it.

That then allows us to deal with (1) and (2). Which means we can now put
admin access behind some kind of web interface. And - we already have 80% of
that, in the current admin interface.

So I recommend this:

You no longer advertise admin's real addresses. Instead, you advertise a
feedback form that sends messages to the admin, to discourage mailing directly.
A year ago, I probably would have insisted on SOME kind of email contact
point, but frankly -- the percentage of users who can't use a web page is
pretty much zero now.

when you contact a list admin, that message is sent in like existing admin
stuff -- the mailman/admindb/listname page.

The admin stuff is extended to not only handle moderation requests, but also
to handle admin email, allowing an admin to delete, respond, send a standard
form letter, forward, or whatever.

And since 2.1 has better filtering capabilities, we get those filtering
capabilities for free on incoming admin email. And this stuff isn't thrown
in an admin's mailbox -- it's dealt with as part of the normal admin list
functions, reducing the interruption/hassle factor. And the admin addresses
won't end up in spammer databases, because they no longer exist.

Thoughts? It's not perfect, but now only one guy is "it", and the admins are
accessible but protected -- and can better separate their list-admin "me"
from their real "me" on top of it. And the site admin is more likely IMHO to
be capable of managing their mailbox from spam than forcing all list admins
to learn how to do that...


-- 
Chuq Von Rospach (chuqui@plaidworks.com -- http://www.chuqui.com/)
Will Geek for hardware.

The Cliff's Notes Cliff's Notes on Hamlet:
    And they all died happily ever after
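The design sketched in the message above (no advertised admin address; a web form that feeds an admindb-style queue where the admin can discard, respond, send a form letter or forward; the list's filtering applied on the way in) as an added worked example. This is not Mailman code and not Chuq's; every name in it (AdminQueue, ContactRequest, FORM_LETTERS, the host lists.example.com, the sample submissions) is invented for illustration. The one security-relevant detail it makes concrete is that the only address that ever appears on the wire is a per-list role alias, so the admin's personal mailbox never lands in a harvester's database; the form handler also rejects newlines in the subject so a submission cannot smuggle extra mail headers into the reply.

```python
"""Hypothetical sketch of 'contact the list admin via a web form, hold it in
an admindb-style queue'.  Not Mailman code; all names here are assumed."""
import re
import uuid
from dataclasses import dataclass, field

# Deliberately simple address check: enough to reject junk and header tricks.
ADDR_RE = re.compile(r"^[^\s@<>,;]+@[^\s@<>,;]+\.[^\s@<>,;]+$")

# Canned replies the admin can pick instead of typing (constructed texts).
FORM_LETTERS = {
    "howto-unsub": "To unsubscribe, use the listinfo page for the list.",
    "not-admin": "This list is not the right contact for that request.",
}


@dataclass
class ContactRequest:
    id: str
    listname: str
    sender: str
    subject: str
    body: str
    status: str = "held"          # held | discarded | answered | forwarded


@dataclass
class AdminQueue:
    host: str                     # e.g. lists.example.com (assumed)
    # Per-list filters applied to form submissions, the same idea as the
    # list filters the post mentions; the site supplies the regexes.
    spam_patterns: list = field(default_factory=list)
    held: dict = field(default_factory=dict)
    outbox: list = field(default_factory=list)   # messages that would be sent

    def owner_alias(self, listname):
        # The only address that ever appears on the wire.  It is a role
        # alias, so the admin's personal mailbox never leaks to a harvester.
        return f"{listname}-owner@{self.host}"

    def submit(self, listname, sender, subject, body):
        """Web-form handler: validate, filter, then hold for the admin."""
        if not ADDR_RE.match(sender):
            raise ValueError("reject: sender is not a plausible address")
        if re.search(r"[\r\n]", subject):
            raise ValueError("reject: newline in subject (header injection)")
        req = ContactRequest(uuid.uuid4().hex, listname, sender, subject.strip(), body)
        for pat in self.spam_patterns:
            if pat.search(subject) or pat.search(body):
                req.status = "discarded"     # never reaches the admin's view
                return req
        self.held[req.id] = req
        return req

    def pending(self, listname):
        return [r for r in self.held.values()
                if r.listname == listname and r.status == "held"]

    def discard(self, req):
        req.status = "discarded"

    def _send(self, req, to, subject, text):
        msg = {"From": self.owner_alias(req.listname), "To": to,
               "Subject": subject, "Body": text}
        self.outbox.append(msg)
        return msg

    def respond(self, req, text=None, form_letter=None):
        """Reply from the owner alias, either free text or a canned letter."""
        body = FORM_LETTERS[form_letter] if form_letter else text
        msg = self._send(req, req.sender, "Re: " + req.subject, body)
        req.status = "answered"
        return msg

    def forward(self, req, to):
        """Hand the request to someone else, e.g. the site admin."""
        text = f"From {req.sender}:\n\n{req.body}"
        msg = self._send(req, to, "Fwd: " + req.subject, text)
        req.status = "forwarded"
        return msg


def demo():
    """Constructed sample traffic; returns the queue for inspection."""
    q = AdminQueue("lists.example.com",
                   spam_patterns=[re.compile(r"\b(viagra|make money fast)\b", re.I)])
    q.submit("mylist", "user@example.org", "How do I unsubscribe?", "I can't find the link.")
    q.submit("mylist", "bot@spam.example", "MAKE MONEY FAST", "...")   # filtered out
    req = q.pending("mylist")[0]
    q.respond(req, form_letter="howto-unsub")     # reply goes out as mylist-owner@...
    return q
```

Running demo() leaves one message in the outbox, sent from mylist-owner@lists.example.com, and the filtered submission never enters the held queue at all; the admin's real address is not referenced anywhere in the module, which is the point of the design.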