The current shape is almost unusable. I say "almost", because we haven't
had a new thread on an actual on-topic subject since it was started, so
all we have seen is an increasingly bushy discussion of the mailing
list. But experience tell me that the community will wither and die if
we don't find some middle ground.
On-list spam is easy to deal with. Identify the spam, ban the sender.
You can get more complicated than that, but it is easy precisely because
everyone gets to see the bad behavior, especially the list owner.
Off-list spam is much harder for the list management to control.
While it is rare, I have received personal replies to my messages posted
to the list. In most cases, that has been valuable. As luck has it, I
have not received any "bad" messages that I can blame on this list. But
I have pretty solid and stable spam filters between my inbox and the world.
Thinking slightly outside the box, I wonder if some sort of variant of a
honey-pot could be made to work. Set up an "official" bot that posts
daily. Have it post a joke of the day, trivia, help text for each fossil
command in sequence, or anything as long as it is different each post.
Post it from a single-use address, and use each address exactly once,
and only for this post. A name like Honey-[randomness] might work.
Then, use mail sent to that name to identify and block the spammer, and
raise hell with its ISP. In the obvious cases, that could be done
completely automatically. Of course, the spammer might get smarter,
requiring deeper investigation. But at least you'd have a chance of
discovering the incident in a timely fashion.
This list is a valuable resource for new users and boosting fossil's
brand and credibility. It must not be allowed to die.
Finally, if switching off of your current platform becomes an option,
take a look at the relatively young Groups.io platform. It was formed to
combat feature rot in Yahoo Groups, and is also trying to play in that
niche of providing a service that is not quite a forum, but not just a
mailing list.
--Ross Berteig
On 6/22/2016 10:50 PM, Fossil SCM user's discussion wrote:
Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016 11:58:01 -0600:
....
This is how it happens:
1) spam bot subscribes to the mailing list
2) normal user subscribes to the mailing list and asks for help
3) spam bot receives a copy of the email delivered via the ML
4) spam bot sends an email directly to the sender (bypassing the ML)
So, it is not possible for the ML to solve this problem via filtering.
Some of the mechanisms it can use are:
1) make it harder to subscribe in hopes that the bot will be unsuccessful
2) manipulate the From address in some fashion:
a) substitute the ML address but leave the comment in place
b) mangle the address so human can easily figure out the *real* From
c) completely anonymize From (current configuration)
Yes to all of the above. But above all, kill the current blinding anonymity!
--
Ross Berteig r...@cheshireeng.com
Cheshire Engineering Corp. http://www.CheshireEng.com/
+1 626 303 1602
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
