On Wednesday 12 May 2004 14.58, Martin List-Petersen wrote: > So why not reimplement whitelist@l.d.o. in a way, that if you use an > alias, that not is on the whitelist, your email will be hold, you'll > get a email back to verify your identity and automatically get added > to the whitelist. This tool also should be aware of "+" as delimiter > and ignoring everything between "+" and "@", thus enabling all one > time or special cases once for all for all l.d.o lists. Additionally, do this only for email with spamassassin score >LIMIT_LOW and <LIMIT_HIGH, so only <5% (I'm guessing wildly) of posters will ever be affected at all. LIMIT_LOW could be 0 - there's quite a bit spam that receives a score of 1.something with my spamassassin setup :-( probably lazyness to properly keep the bayes db trained) - I don't know if this is the case on l.d.o, though. While I oppose the use of TMDA and similar systems for private email, there is more legitimation on a mailing list. One spam to be deleted vs. one erroneous TMDA confirmation to be deleted by a third party is one thing, but one spam distributed to 1500 people vs. 1 confirmation to one person is a bit something different. Of course, there's still the problem that - the one confirmation sent in response to a spam will hit somebody who has not subscribed to the list, whereas the 1500 people receiving the spam did subscribe to the list and - spam can fake sender addresses of subscribers. I think the second issue can be ignored for now - somebody targetting Debian lists explicitely will always find a way. The first issue is tougher. cheers -- vbi -- featured link: http://fortytwo.ch/gpg/subkeys
Attachment:
pgpmWwWnKoRUI.pgp
Description: signature