[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

debian-ctte mailing list and spam

As near as I can tell, the only outstanding committee mailing list admin
issue is that the list is closed to non-subscribers.

This is a heuristic to avoid spam -- it involves some admin overhead
to maintain.  [It can be defeated if spammers harvest email addresses
and use them to send spam.]  Heuristics have an admin cost.

It also hurts the committee, at least to some degree, because this
approach makes it hard for domain experts (and other people with useful
information) to help us out.

The advantage of this policy is that it does reduce the amount of spam
the list gets.  For contrast, contrast
   http://lists.debian.org/deity/2004/06/threads.html
which is relaying spam.

Personally, I think we need a better heuristic.

My ideal would be a combination of:

  If the email is signed by some pgp key that we can validate, it's OK.

  Otherwise, send the user some token (with polite and informative
  instructions) and if they respond with that token to some control
  address within a week, forward the message to the list.

But I don't know if that's something the admin team is comfortable with.
Does anyone have any comments on what's doable or good on the debian
servers?

I also don't know how the other committee members would feel about this
mechanism.  [Currently, little traffic is signed, this message included
-- I know I like to minimize my key use for a variety of reasons, most
related to security.  However, this proposal would mean more work for
everybody not signing their messages.]

Thanks,

-- 
Raul
Reply to: