[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Spam in the lists out of control

On Wed, 2004-05-12 at 15:02, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Wednesday 12 May 2004 14.58, Martin List-Petersen wrote:
> > So why not reimplement whitelist@l.d.o. in a way, that if you use an
> > alias, that not is on the whitelist, your email will be hold, you'll
> > get a email back to verify your identity and automatically get added
> > to the whitelist. This tool also should be aware of "+" as delimiter
> > and ignoring everything between "+" and "@", thus enabling all one
> > time or special cases once for all for all l.d.o lists.
> Additionally, do this only for email with spamassassin score >LIMIT_LOW 
> and <LIMIT_HIGH, so only <5% (I'm guessing wildly) of posters will ever 
> be affected at all.
> LIMIT_LOW could be 0 - there's quite a bit spam that receives a score of 
> 1.something with my spamassassin setup :-( probably lazyness to 
> properly keep the bayes db trained) - I don't know if this is the case 
> on l.d.o, though.

I didn't say, that we should remove the spamassessin, that currently is
on the lists. It keeps the worst away :o)

> While I oppose the use of TMDA and similar systems for private email, 

TMDA is good, but not good enough in my opinion. I'm currently
developing something similar that fits into my setup and also would be
able to act as a front end for mailinglists, individually tuned for each
and every list or need. That however is far from finished and well
tested, so not an option.

> there is more legitimation on a mailing list. One spam to be deleted 
> vs. one erroneous TMDA confirmation to be deleted by a third party is 
> one thing, but one spam distributed to 1500 people vs. 1 confirmation 
> to one person is a bit something different. Of course, there's still 
> the problem that
>  - the one confirmation sent in response to a spam will hit somebody who 
> has not subscribed to the list, 

wrong: somebody who has has not subscribed on any list at l.d.o. and
thus not is on the whitelist. It will only hit that person once and
never again and it would (if we take my suggestion about delimiters in
account) even take care of one time email-adresses or list specific

> whereas the 1500 people receiving the 
> spam did subscribe to the list and
>  - spam can fake sender addresses of subscribers.
> I think the second issue can be ignored for now - somebody targetting 
> Debian lists explicitely will always find a way.

I didn't say, my suggestion was 100% tight. I just said it would take
most of it. 

Kind regards,
Martin List-Petersen
martin at list-petersen dot net

Reply to: