[Mailman-Users] fight spam !!

Stephen J. Turnbull stephen at xemacs.org
Sun Oct 4 15:40:43 CEST 2009


Khalil Abbas writes:

 > ok now I'm really fed up! this is too freaking much!!!! incoming
 > incoming incoming they never stop!!!

This is not new.  We all deal with it.  There are several good
suggestions on reducing spam flow to Mailman (which reduces the burden
on your systems) in the FAQ.  There are patches for SpamAssassin and
SpamBayes integration into Mailman (but they are severely deprecated
unless there is *no* alternative; if you don't understand why, it is
strongly suggested that you learn because it's quite fundamental to
spam reduction; there are plenty of threads in the archives so I won't
repeat the litany here).

 > please, is there anyone who can refer to articles about how to know
 > the source of these messages and how to report them to their ISPs
 > and to their authorities ???

The traceable sources of the messages are indicated in the "Received:"
headers, which you can view by reading the message into a text editor,
and partially confirm from your MTA logs.  You need to be careful
about tracing back from your MTA, because those headers can easily be
spoofed.  When you are pretty sure you have identified a source, you
use the whois service to confirm the ISP, and find the address for
abuse reports (usually abuse at isp.com; if that bounces,
postmaster at isp.com; if that bounces you're basically out of luck).

However, those are almost never the real sources.  You will find that
they are machines that have been subverted as part of a botnet, and
the real source is well anonymized.

Reporting to the authorities is generally not very useful, because
they are way underfunded for chasing spammers starting from a spam
message even in the U.S.  China and Russia are way worse, and there is
some suspicion that some authorities in many countries are in cahoots
with the spammers.

 > common people MUST be educated about this!! so if we kill 10% of
 > the spam going on it will be a big achievement!

I teach for a living, and I can tell you that you can lead a student
to the library but you cannot make him read.  Forget about "educating
the common people".[1]  They're mostly safe inside their walled
communities at AOL, Google, and Hotmail, and are happy to blame the
occasional interruption on *your* system or on "the mail system" or
even on "the spammers".  But they just don't want to know about the
actions that would really be effective in stopping spam.


Footnotes: 
[1]  Including alleged experts.  The first spam I ever got from inside
my university firewall was sent from a machine owned by the head of
the engineering school, a computer science professor.
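
The header check described in the message above, as an added example that is not part of the original post: it walks the "Received:" headers from newest to oldest and trusts only lines stamped by your own MTAs, so the first outside address one of them recorded is the traceable source and everything below it is an unverified claim. The host names, networks and sample message are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions: the names your own MTAs stamp after "by", and your own networks.
OUR_MTAS = {"mail.example.org", "mx.example.org"}
OUR_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
BY_RE = re.compile(r"\sby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample: the third header is forged to look like one of ours.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.org (Postfix) with ESMTP id AAAA1; Sun, 4 Oct 2009 15:00:02 +0200
Received: from friendly-bank.example (unknown [203.0.113.77])
\tby mx.example.org (Postfix) with SMTP id BBBB2; Sun, 4 Oct 2009 15:00:01 +0200
Received: from internal.bank.example ([198.51.100.5])
\tby mx.example.org (Postfix) with ESMTP id CCCC3; Sun, 4 Oct 2009 14:59:30 +0200
Received: from desk.bank.example ([198.51.100.6])
\tby internal.bank.example with ESMTP; Sun, 4 Oct 2009 14:59:00 +0200
Subject: constructed test

body
"""

def handoff(raw):
    """Return (first outside peer IP seen by our MTAs, count of unverified headers)."""
    msg = message_from_string(raw)
    # Unfold continuation lines; index 0 is the most recently added header.
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    for i, hdr in enumerate(received):
        by = BY_RE.search(hdr)
        if not by or by.group(1).lower() not in OUR_MTAS:
            return None, len(received) - i      # chain left our hosts too early
        peer = IP_RE.search(hdr[:by.start()])   # address in the "from" clause
        try:
            ip = ipaddress.ip_address(peer.group(1)) if peer else None
        except ValueError:
            ip = None
        if ip is None:
            return None, len(received) - i
        if not any(ip in net for net in OUR_NETS):
            # Our MTA logged an outside peer: anything older could be spoofed,
            # even if it names one of our hosts after "by".
            return str(ip), len(received) - i - 1
    return None, 0                              # message never left our hosts

if __name__ == "__main__":
    print(handoff(SAMPLE))
```

The returned address is the one to confirm against the MTA logs and look up with whois.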


