[Mailman-Users] Our list serv host is threatening to shut us down for spam abuse

Fri Jun 17 13:44:40 EDT 2016

Thank you Rich,

I do not subscribe anyone without making them first go through the
subscribe process. The problem we're having lately is the ISP's are not
passing on the confirmation email, so in a couple cases lately, after
confirming the user tried the process (by their word is all I got) I do
subscribe them.

Unfortunately I don't have access to the logs nor VERP settings.

thx, Jim

On Fri, Jun 17, 2016 at 9:02 AM, Rich Kulawiec <rsk at gsp.org> wrote:

>
> I'll second the suggestion that you split the list.  I'll also suggest
> that you do *not* subscribe anyone to the split-off instance: you should
> make them go through a COI (confirmed opt-in) process AND you should
> make certain that you retain all records of that as long as the list
> exists. ("records" being the Mailman logs and copies of any
> correspondence.)
>
>
> But let me make a general comment about this problem -- which stems
> from companies like AOL and Yahoo delegating control of part of the
> anti-spam process to their users.
>
> That's incredibly stupid.  It's off-the-scale idiotic.  It flies in
> the face of everything we've learned about spam in the past several
> decades.
>
> Consider: if users, en masse, could reliably distinguish spam from
> non-spam, would the spam problem be as bad as it is?
>
> No.  It would not.  It would only be a tiny fraction of its current scale.
>
> But users have spent the past several decade proving, beyond any
> possible argument, that they are absolutely horrible at this task.
> So delegating it to them is not only lazy, it's insane.
>
> To be clear: yes, users should be able to *report* suspected spam.
> That's why everyone should have an abuse@ address per RFC 2142
> and decades of best practices.   A user who's capable of remembering
> that, and who's capable of forwarding spam to it with full headers,
> is a user at least worth paying attention to.  (And of course the
> local admin/postmaster/abuse/whatever team should read and analyze
> every such message: that's mail system admin 101.)  But a user who
> blindly hits the spam button for any message they don't like or
> don't find useful or don't agree with or anything else is worse
> than useless: they're actively degrading the process.
>
> Dave Crocker put it quite well when he said:
>
>         The best model to invoke, with respect to the idea of recruiting
>         end users to be active participants in abuse detection or
>         prevention is mostly:
>
>         Don't.
>
> Unfortunately, the AOLs and Yahoos of the world are deaf to this.
>
> And as a result of that, I have no doubt whatsoever that many of your
> non-spam messages are being flagged as spam by users at those operations
> (and elsewhere) despite the fact that they're on-topic for a mailing list
> that they signed up for.
>
> I've found it necessary to use VERP and similar techniques to identify
> the specific individuals responsible for this abuse and to either
> (a) unsubscribe them and/or (b) ban them.  This isn't a panacea, but
> it does help cut down on the complaint rate and thus the spurious
> blacklisting.
>
> ---rsk
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/james%40dorydesign.com
>