[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Spam in the lists out of control



On Wednesday 12 May 2004 14.58, Martin List-Petersen wrote:

> So why not reimplement whitelist@l.d.o. in a way, that if you use an
> alias, that not is on the whitelist, your email will be hold, you'll
> get a email back to verify your identity and automatically get added
> to the whitelist. This tool also should be aware of "+" as delimiter
> and ignoring everything between "+" and "@", thus enabling all one
> time or special cases once for all for all l.d.o lists.

Additionally, do this only for email with spamassassin score >LIMIT_LOW 
and <LIMIT_HIGH, so only <5% (I'm guessing wildly) of posters will ever 
be affected at all.

LIMIT_LOW could be 0 - there's quite a bit spam that receives a score of 
1.something with my spamassassin setup :-( probably lazyness to 
properly keep the bayes db trained) - I don't know if this is the case 
on l.d.o, though.

While I oppose the use of TMDA and similar systems for private email, 
there is more legitimation on a mailing list. One spam to be deleted 
vs. one erroneous TMDA confirmation to be deleted by a third party is 
one thing, but one spam distributed to 1500 people vs. 1 confirmation 
to one person is a bit something different. Of course, there's still 
the problem that
 - the one confirmation sent in response to a spam will hit somebody who 
has not subscribed to the list, whereas the 1500 people receiving the 
spam did subscribe to the list and
 - spam can fake sender addresses of subscribers.

I think the second issue can be ignored for now - somebody targetting 
Debian lists explicitely will always find a way.

The first issue is tougher.

cheers
-- vbi



-- 
featured link: http://fortytwo.ch/gpg/subkeys

Attachment: pgpCUhpzTMa2b.pgp
Description: signature


Reply to: