On Fri, Oct 20, 2006 at 07:10:20PM -0400, Kevin Mark wrote: > Hi Javier, > On Sat, Oct 21, 2006 at 12:05:58AM +0200, Javier Fernández-Sanguino Peña wrote: > > > > I'm not sure if anybody else is seeing this but I have seen (just today) 28 > > spam messages sent to the BTS. I've received them because they were all sent > > I've seen BTS spam before and ask the list admins about it. I have seen it too, it's just that yesterday it blew out of proportion. > Does BTS mail have identifiable header and/or body characteristics to > determine what is legitimate? Does all mail to the bts come from: debian.org > mailers, reportbugs or some identifable sources that would make > legitimate email identifable? Currently, anyone with a legitimate e-mail address can send a bug report (properly formatted, so it's more difficult for SPAM to open bugs) to control@b.d.o or append information to a bug (no formatting required, so it's rather easy for SPAM to get there) by sending it to XXXX@b.d.o I'm more concerned by the fact that spam can close bugs, for reference read: http://lists.debian.org/debian-devel/2002/05/msg00113.html http://lists.debian.org/debian-devel/2004/03/msg00847.html http://lists.debian.org/debian-devel/2005/07/msg01106.html AFAIK, here's currently no technical measure in place (X-Header required, whitelist of valid senders, GPG signature) that prevents spammers from hitting XXXX-close@b.d.o, so when that happens it has to be delt with manually (like it recently happened with [1], but there have been occassions where it has been more aggresive) Regards Javier [1] http://lists.debian.org/debian-policy/2005/09/msg00064.html
Attachment:
signature.asc
Description: Digital signature