Re: debian-ctte mailing list and spam
Raul Miller writes ("debian-ctte mailing list and spam"):
> As near as I can tell, the only outstanding committee mailing list admin
> issue is that the list is closed to non-subscribers.
I think this is true.
> The advantage of this policy is that it does reduce the amount of spam
> the list gets. For contrast, contrast
> http://lists.debian.org/deity/2004/06/threads.html
> which is relaying spam.
Many other lists get lots of spam too.
> Personally, I think we need a better heuristic.
I agree that a better heuristic would be nice.
> My ideal would be a combination of:
>
> If the email is signed by some pgp key that we can validate, it's OK.
>
> Otherwise, send the user some token (with polite and informative
> instructions) and if they respond with that token to some control
> address within a week, forward the message to the list.
The latter is very close to member posting only. But, yes, I'd be
happy with that.
> But I don't know if that's something the admin team is comfortable with.
> Does anyone have any comments on what's doable or good on the debian
> servers?
I have some effort available for implementing such a scheme, it it
helps.
> I also don't know how the other committee members would feel about this
> mechanism. [Currently, little traffic is signed, this message included
> -- I know I like to minimize my key use for a variety of reasons, most
> related to security. However, this proposal would mean more work for
> everybody not signing their messages.]
It would be straightforward to allow people to use a different
lower-security key. We could add the addresses which respond to the
challenge to a whitelist, turning the whole thing into a
challenge-response scheme.
Ian.
Reply to: