[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Spamming the World through Open Debian Mailinglists (Re: lists.debian.org has received bounces from you)

On Sat, 27 Dec 2008, Jeroen Massar wrote:
> [maybe the "Listmaster of the day" is able to read when other people get
> involved in this]

The listmasters are responsible for the lists. Sending mail to
-project isn't particularly useful, as it's not on topic there. [For
those on -project; this reply is going there just to see that someone
has replied; I personally won't respond further, save via
listmaster@.]

> Cord Beermann wrote:
> > Hallo! Du (Jeroen Massar) hast geschrieben:
> > 
> >>> 	(http://lists.debian.org/bounces/iLpJvMjXJJDuaeJK2W6wdA)
> > 
> >> Stop forwarding spam already! I've mentioned this before.
> > 
> >> There is a VERY simple solution to this problem btw: make the list
> >> subscriber-post-only, as the subscriber base is small (and the real
> >> traffic too) it will be hard for the spammers to guess a correct source
> >> address.
> > 
> > We are aware that Debian-Mailinglists aren't 100% spam-free, but if
> > you can't accept that, don't subscribe to our lists.
> 
> The spam-check is not even needed if you would simply close it, as I
> wrote. 

We aren't going to close the lists that are currently open in the
forseeable future. If this is a problem for you, feel free to
unsubscribe.

> If you would change that little thing (making the lists
> post-by-subscribers only) then that spam would not get forwarded by
> the list because the spammers are not signed up in the first place

Spammers have already signed up to our lists on multiple occasions.

> (okay, the spammer could get smart, guess a correct source etc, but
> then only PGP/DKIM/SPF or whatever could save your day)

We already check these when appropriate, and use them to score mail.

> You claim the mailbox does 50k mails per day, and 2500 spams make it
> through the filters (cool that you know that btw, if you know it is
> spam, why don't you filter them?)

Because we don't know that it's spam at the time we send them out,
obviously. [And yes, this means that we're sending somewhere around 5%
spam; we discard well over 99% of it, though, and we're constantly
improving our setup to discard more and more of it.]

> And having to sign up every once in a while to a Debian list is
> really annoying because you get kicked off because you are
> forwarding spam.

If you don't want to deal with the occasional spam that gets through,
then feel free to unsubscribe. Furthemore, the thresholds for
automatic unsubscription are set fairly high anyway; the warning
messages we send out are for your information only, as they often
indicate mail misconfigurations at your end (or rarely, at ours.)

> Just turn on the subscribe-only bit already, that makes it easy for
> EVERYONE and solves all these crappy issues you are having.

It doesn't solve the issues, it doesn't make it easier for everyone,
nor is it a solution that we're going to employ on the lists that are
currently open in the foreseeable future.

> And yes, my SMTP server and those of a lot of other people will
> CORRECTLY refuse to accept mail classified as spam and correctly
> give a 500 SMTP error code as the server will refuse to deliver it.

If you sign up for mail from mailing lists, just discard mail that you
don't want to read that comes in from us with Priority: bulk or List-*
headers instead of bouncing it. A mailing list is little more than a
glorified mail forwarder: bouncing forwarded mail is wrong.


Don Armstrong

-- 
[T]he question of whether Machines Can Think, [...] is about as
relevant as the question of whether Submarines Can Swim.
 -- Edsger W. Dijkstra "The threats to computing science"

http://www.donarmstrong.com              http://rzlab.ucr.edu
Reply to: