More spam :-( Was Re: [Mailman-Users] Would you like to receive information on registering your pet online for free?
JC Dill
mailman at vo.cnchost.com
Tue Mar 27 02:11:02 CEST 2001
On 03:12 PM 3/26/01, Barry A. Warsaw wrote:
>
>>>>>> "JCL" == J C Lawrence <claw at kanga.nu> writes:
>
> JCL> There is a logn standing tradition for support lists for
> JCL> products to not be closed to non-subscribers.
>
>There are a couple of issues to consider, some technical, some not.
>
>First, I think there /is/ a use for open-posting lists like
>mailman-users which do not limit postings just from members. This is
>a policy decision and if I change it, then I know we will lose newbies
>because of the overhead.
It sounds as if you are ignoring or overlooking my proposed solution which
continues to let non-subscriber posts go through to the list unmoderated,
when they contain keyword(s) indicative of an on-topic non-spam
post. Further, even if a post goes to the moderator, that doesn't mean it
can't be approved and sent on to the list, all you have introduced is a
slight delay. This seems an acceptable tradeoff for avoiding the spam. If
someone doesn't want their post held up by a moderation process, they
should subscribe, or use the appropriate keyword.
I fail to see how this would hurt newbies, or cause any significant
overhead (beyond software development of what will be a very useful feature
:-).
>I definitely don't want to lose guys like
>Chuq from this list, but there's a trade-off and I figure Chuq knows
>how to filter out the spam on his end (or just ignore it). Limiting
>posts to members /might/ make sense for mailman-developers though.
>
>Second, while Mailman does spam detection, spammers have mutated and
>are making their way around the defenses. Easy stuff like catching
>Bcc:'s and the like, we already do. How do we improve the spam
>detection in Mailman next?
Institute simple and easy content filtering. If a non-subscriber post is a
legitimate post about mailman, it is most likely to say "mailman" somewhere
in the subject or body of the post (and even more likely when you tell them
to specifically do so, when you give them the list address). If so, allow
it to go to the list, if not, bounce for moderation. False positives will
approach zero (I have a folder with 400 recent spams in it, none have
"mailman" in the body), false negatives will be a small, but probably
insignificant number. For instance, some of the recent posts that weren't
in English would have bounced (to the moderator(s)), but then again most
subscribers to this list are unable to reply to those posts anyway.
Look at it another way - How do these non-subscribers find this list
address in the first place? Where they find the list address, note that
the list has instituted an anti-spam measure and so non-subscriber posts to
the list that fail to say "mailman" in the body of the message may be held
for manual approval by the moderators rather than be immediately
distributed to the list. Since we already assume that those who really
need to post (without first being subscribed) have found the list address
through that source, and understand what they get when they post here, it's
not a big stretch to also assume that if it's important to them to have
their post *immediately* sent to the list membership (without waiting for
it to be approved by a moderator), they will heed that simple notice. Not
to mention that most non-subscriber posts will automatically heed this
notice anyway, due to the nature of the topic.
>Third, there are certain spam filters that the MTA can apply that
>should catch more stuff. I thought that the Exim installation on
>{python,zope}.org was all hooked up to RBL, etc., but since spam is
>getting through, it may not be working. I'm hoping Ethan, our MTA
>administrator can give more information here.
IMHO, this is something that should be handled by the mailing list software
itself, and thus the per-list "acceptable keyword" configuration would
exist in the mailing list software config files for each list (alongside
all the other per-list configuration settings). Why make it difficult by
involving the MTA? That makes this task especially difficult for those who
don't control the MTA, but do have control of their individual list config
settings (such as when an ISP hosts the mailing list software and supplies
list hosting services to their customer).
jc
More information about the Mailman-Users
mailing list