[Mailman-Users] spam, spamcop and mailman moderation

Brad Knowles brad at shub-internet.org
Sat Nov 11 03:51:55 CET 2006 

At 11:45 AM -0500 11/10/06, Charles Gregory wrote:

>  The point *I* got was, even if you successfully filter with every 'safe'
>  method of spam filtering we can imagine, roughly 5-10% of spam will end up
>  reaching mailman, and when mailman sends its 'routine' message back to
>  'sender', it is generating backscatter that is cause for blacklisting.

Yup.  That's an issue to be concerned about.

Right now, the standard version of Mailman effectively gives you a 
limited set of options:

	1.  Generate a response message to the claimed sender, which
	might potentially be a response to a forged spam sender, and
	thus would be backscatter.

	2.  Don't generate a response, and hold for moderation.

	3.  Don't generate a response, and throw the message away.

So, if you're running a mailing list, you've got to decide which is 
the lesser evil for you and your list participants, and take the 
appropriate action when choosing between which particular evil you 
are going to go with.

>  The only suggestion I can come up with is some simple last-minute
>  filtering within mailman itself: Only send a 'holding' notice if the
>  visible 'From' header matches the Envelope Sender, and if the visibile
>  'To' address contains the mailman list address. The advantage to handling
>  this within mailman, and not in spamassassin, is that you aren't choosing
>  to discard the mail based on this criteria. You're just deciding whether
>  to send a courtesy e-mail warning of moderation.

This is an excellent idea, and I'd like to see this get included as 
another option.

Can you file this an RFE for this on the appropriate page on 
SourceForge, or in the wiki?  Would you have the ability to share 
with us the code that you developed to implement this function?  If 
so, could you upload that as a patch to the appropriate page on 
SourceForge, or post it on the wiki?

>  Of course, you could simply choose not to send any warnings at all. Let
>  people who try to post figure it out for themselves. A good list home
>  page, and/or disclaimers at the bottom of list mail should help with this.

This may work for some communities, but since Internet e-mail is an 
inherently unreliable process, the only way a poster can be sure that 
his message did or did not get delivered is if they get an explicitly 
acknowledgment (or nack) of some sort.

The problem is that we can't confirm the claimed identity of the 
sender, so sending back a nack could be dangerous.  But so could 
failing to send a nack when we throw away a message.

You've got to decide which is the lesser evil for you and your 
participants, but so far I like your alternative option better than 
any of the options currently implemented in Mailman.

-- 
Brad Knowles, <brad at shub-internet.org>

Trend Micro has announced that they will cancel the stop.mail-abuse.org
mail forwarding service as of 15 November 2006.  If you have an old
e-mail account for me at this domain, please make sure you correct that
with the current address.

More information about the Mailman-Users mailing list