More spam :-( Was Re: [Mailman-Users] Would you like to receive information on registering your pet online for free?

JC Dill mailman at vo.cnchost.com
Tue Mar 27 02:11:02 CEST 2001 

On 03:12 PM 3/26/01, Barry A. Warsaw wrote:
 >
 >>>>>> "JCL" == J C Lawrence <claw at kanga.nu> writes:
 >
 >    JCL> There is a logn standing tradition for support lists for
 >    JCL> products to not be closed to non-subscribers.
 >
 >There are a couple of issues to consider, some technical, some not.
 >
 >First, I think there /is/ a use for open-posting lists like
 >mailman-users which do not limit postings just from members.  This is
 >a policy decision and if I change it, then I know we will lose newbies
 >because of the overhead.

It sounds as if you are ignoring or overlooking my proposed solution which 
continues to let non-subscriber posts go through to the list unmoderated, 
when they contain keyword(s) indicative of an on-topic non-spam 
post.  Further, even if a post goes to the moderator, that doesn't mean it 
can't be approved and sent on to the list, all you have introduced is a 
slight delay.  This seems an acceptable tradeoff for avoiding the spam.  If 
someone doesn't want their post held up by a moderation process, they 
should subscribe, or use the appropriate keyword.

I fail to see how this would hurt newbies, or cause any significant 
overhead (beyond software development of what will be a very useful feature 
:-).

 >I definitely don't want to lose guys like
 >Chuq from this list, but there's a trade-off and I figure Chuq knows
 >how to filter out the spam on his end (or just ignore it).  Limiting
 >posts to members /might/ make sense for mailman-developers though.
 >
 >Second, while Mailman does spam detection, spammers have mutated and
 >are making their way around the defenses.  Easy stuff like catching
 >Bcc:'s and the like, we already do.  How do we improve the spam
 >detection in Mailman next?

Institute simple and easy content filtering.  If a non-subscriber post is a 
legitimate post about mailman, it is most likely to say "mailman" somewhere 
in the subject or body of the post (and even more likely when you tell them 
to specifically do so, when you give them the list address).  If so, allow 
it to go to the list, if not, bounce for moderation.  False positives will 
approach zero (I have a folder with 400 recent spams in it, none have 
"mailman" in the body), false negatives will be a small, but probably 
insignificant number.  For instance, some of the recent posts that weren't 
in English would have bounced (to the moderator(s)), but then again most 
subscribers to this list are unable to reply to those posts anyway.

Look at it another way - How do these non-subscribers find this list 
address in the first place?  Where they find the list address, note that 
the list has instituted an anti-spam measure and so non-subscriber posts to 
the list that fail to say "mailman" in the body of the message may be held 
for manual approval by the moderators rather than be immediately 
distributed to the list.  Since we already assume that those who really 
need to post (without first being subscribed) have found the list address 
through that source, and understand what they get when they post here, it's 
not a big stretch to also assume that if it's important to them to have 
their post *immediately* sent to the list membership (without waiting for 
it to be approved by a moderator), they will heed that simple notice.  Not 
to mention that most non-subscriber posts will automatically heed this 
notice anyway, due to the nature of the topic.

 >Third, there are certain spam filters that the MTA can apply that
 >should catch more stuff.  I thought that the Exim installation on
 >{python,zope}.org was all hooked up to RBL, etc., but since spam is
 >getting through, it may not be working.  I'm hoping Ethan, our MTA
 >administrator can give more information here.

IMHO, this is something that should be handled by the mailing list software 
itself, and thus the per-list "acceptable keyword" configuration would 
exist in the mailing list software config files for each list (alongside 
all the other per-list configuration settings).  Why make it difficult by 
involving the MTA?  That makes this task especially difficult for those who 
don't control the MTA, but do have control of their individual list config 
settings (such as when an ISP hosts the mailing list software and supplies 
list hosting services to their customer).

jc

More information about the Mailman-Users mailing list