[Mailman-Users] Our list serv host is threatening to shut us down for spam abuse

Rich Kulawiec rsk at gsp.org
Fri Jun 17 13:02:05 EDT 2016 

I'll second the suggestion that you split the list.  I'll also suggest
that you do *not* subscribe anyone to the split-off instance: you should
make them go through a COI (confirmed opt-in) process AND you should
make certain that you retain all records of that as long as the list
exists. ("records" being the Mailman logs and copies of any correspondence.)


But let me make a general comment about this problem -- which stems
from companies like AOL and Yahoo delegating control of part of the
anti-spam process to their users.

That's incredibly stupid.  It's off-the-scale idiotic.  It flies in
the face of everything we've learned about spam in the past several decades.

Consider: if users, en masse, could reliably distinguish spam from
non-spam, would the spam problem be as bad as it is?

No.  It would not.  It would only be a tiny fraction of its current scale.

But users have spent the past several decade proving, beyond any
possible argument, that they are absolutely horrible at this task.
So delegating it to them is not only lazy, it's insane.

To be clear: yes, users should be able to *report* suspected spam.
That's why everyone should have an abuse@ address per RFC 2142
and decades of best practices.   A user who's capable of remembering
that, and who's capable of forwarding spam to it with full headers,
is a user at least worth paying attention to.  (And of course the
local admin/postmaster/abuse/whatever team should read and analyze
every such message: that's mail system admin 101.)  But a user who
blindly hits the spam button for any message they don't like or
don't find useful or don't agree with or anything else is worse
than useless: they're actively degrading the process.

Dave Crocker put it quite well when he said:

	The best model to invoke, with respect to the idea of recruiting
	end users to be active participants in abuse detection or
	prevention is mostly:

	Don't.

Unfortunately, the AOLs and Yahoos of the world are deaf to this.

And as a result of that, I have no doubt whatsoever that many of your
non-spam messages are being flagged as spam by users at those operations
(and elsewhere) despite the fact that they're on-topic for a mailing list
that they signed up for.

I've found it necessary to use VERP and similar techniques to identify
the specific individuals responsible for this abuse and to either
(a) unsubscribe them and/or (b) ban them.  This isn't a panacea, but
it does help cut down on the complaint rate and thus the spurious
blacklisting.

---rsk

More information about the Mailman-Users mailing list