Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Fossil SCM user's discussion
 writes:

> Every other product I use has a forum and manages spam with
> moderation and user reporting. Forum threads are way more efficient
> to follow.

All the mailing lists which I follow are via Gmane and Fossil was the
only list where I got spam message privately, but I do not consider it’s
very annoying since it can be dealth with with ’standard’ spam tools at
client side.

However, I certainly do not endorse using forums vs mailing list finding
them clunky, requiring browser for using them etc.

Otoh, mailing list(s) used via Gmane have all the advantages of nntp -
easy (un)subscribing, automatic archives, no need for sorting rules to
avoid INBOX cluttering etc…iow., I hope that mailing list will be kept
using original form…


Sincerely,
Gour

-- 
There is no possibility of one's becoming a yogī, O Arjuna,
if one eats too much or eats too little, sleeps too much
or does not sleep enough.

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Fri, 24 Jun 2016 06:28:03 +0200:

> This would be effective only if the spam is sent from the same address
> subscribed to the list,  no? If it was so then it  would be trivial to
> solve the problem.

There is another alternative that will  be much more reliable, if it can
be done, playing off  the idea of sending out a quote of  the day to the
mailing list that someone suggested (I don't recall who because I am not
able to easily associate names at the moment).

lists.fossil-scm.org is  running Postfix,  which means it  might support
VERPs:

http://cr.yp.to/proto/verp.txt

If this is the case, then it  should be fairly trivial to write a script
that would iterate over each email address in the subscription database,
construct a message of  the day (perhaps even just a  list of the commit
timeline from the last  time the mesage was sent), and  then use VERP to
send a unique message to each subscriber.

Any automatic  replies sent to the  return address would be  suspect and
would automatically reveal to the moderator  *who* is the bot because it
would be encoded in the address.

A variation  on the VERP might  instead encode the address  into a token
that can be tracked  back to an actual address, just in  case the bot is
smart enough  to look  at the  From address and  detect itself  to avoid
being cauth (not likely).

Thoughts?

Andy
-- 
TAI64 timestamp: 4000576e2276


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Fri, 24 Jun 2016 23:08:49 -:

> No,  anonymity doesn't  sucks...I want  anonymity because  as I  said,
> people  don't want  or  even  can't show  up  there details.And  IMHO,
> privacy is  something that we  would like to  have for our  safety and
> everyone else safety...

I believe  most people  subscribe to mailing  lists with  full knowledge
that their email addresses will be harvested, that they may receive some
potentially  offensive messages,  and are  not opposed  to having  their
identities known in public.

If this were not the case, there  are dozens of methods for hiding their
true identity. They can use an  alias and post from email addresses that
reveal  no information.  They can  use gmail,  and come  up with  clever
monikers, or other services that hide this information. It does not take
a mailing list configured in this fashion to hide your information.

> Why don't we go vote for the behavior we do want for this mailing list

So far,  it seems that  most people already have  voted in favor  of the
original behavior.

Andy
-- 
TAI64 timestamp: 4000576e1ff8


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Fri, 24 Jun 2016 23:18:41 -:

>And IMHO, they can whitelist some of us ... can't they ?

Exactly how would that solve the problem?

Andy
-- 
TAI64 timestamp: 4000576e1e72


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Fri, 24 Jun 2016 21:46:29 -0400 / Fossil SCM user's discussion
 said :

> Another immensely popular tool for team, including open-source dev
> and user teams is slack - https://slack.com/
> HipChat is a alternative - https://hipchat.com/

I am forced to use Slack at work and it's bad, it is very hard to
organize discussion, and their XMPP/IRC gateways are not that good
either.

A mailing list is just better is just better to discuss. Or Usenet, but
please don't force us to use another useless web interface.

Mailing lists have been working for dozens of years, I don't see any
reason to change now to something that is worse.

-- BohwaZ
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Gitter has an IRC bridge, but gitter's re-editing facility results in
duplicated posts which can be confusing and tiresome.
I agree that we don't want to tie DRH up with constant live chat; it seems
to cost Nenad (Red) too much.
A forum then...
Newlisp has roughly the same number of members as Fossil and they use a
Forum (phpBB, http://www.newlispfanclub.alh.net/forum/index.php)



On 25 June 2016 at 12:37, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> On 24 June 2016 at 18:46, Fossil SCM user's discussion
>  wrote:
> > Another immensely popular tool for team, including open-source dev and
> user
> > teams is slack - https://slack.com/
> > HipChat is a alternative - https://hipchat.com/
> >
> > Host it yourself Slack-alikes using open-source include
> > http://www.mattermost.org/ and https://www.zulip.org/
> >
> > These of these tools mentioned give plenty of integrations, including to
> > iPhone/Android apps or gateways to email.
> >
>
> If this list was much more active, outside of this single email
> thread, I could understand the desire of something real time
> communication. However, Dr. Hipp seems very busy so he likely wouldn't
> be able to have continuous conversations. Most of those who know
> Fossil/sqlite inner workings well are across the world in different
> time zones, and they're not available all of the time. I'm perfectly
> happy as a user of fossil to write an email, post it and hope someone
> will take the time to respond to the post.
>
> Knowing this mailing list is less than 1000 people, I'm happy to be an
> elite member with such intelligent, now anonymous, people. Whoever you
> are--thank you and let's work on making Fossil great again. ;)
>
> In the end if I were to chose real time communication on an open
> source project, I'd prefer IRC.
>
> By the way, there's stackoverflow.com with a fossil section:
> http://stackoverflow.com/questions/tagged/fossil
>
> Enjoy the weekend!
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 24 June 2016 at 18:46, Fossil SCM user's discussion
 wrote:
> Another immensely popular tool for team, including open-source dev and user
> teams is slack - https://slack.com/
> HipChat is a alternative - https://hipchat.com/
>
> Host it yourself Slack-alikes using open-source include
> http://www.mattermost.org/ and https://www.zulip.org/
>
> These of these tools mentioned give plenty of integrations, including to
> iPhone/Android apps or gateways to email.
>

If this list was much more active, outside of this single email
thread, I could understand the desire of something real time
communication. However, Dr. Hipp seems very busy so he likely wouldn't
be able to have continuous conversations. Most of those who know
Fossil/sqlite inner workings well are across the world in different
time zones, and they're not available all of the time. I'm perfectly
happy as a user of fossil to write an email, post it and hope someone
will take the time to respond to the post.

Knowing this mailing list is less than 1000 people, I'm happy to be an
elite member with such intelligent, now anonymous, people. Whoever you
are--thank you and let's work on making Fossil great again. ;)

In the end if I were to chose real time communication on an open
source project, I'd prefer IRC.

By the way, there's stackoverflow.com with a fossil section:
http://stackoverflow.com/questions/tagged/fossil

Enjoy the weekend!
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Oh... If we're offering alternatives, I recently joined
https://gitter.im/red/red and don't completely hate its interface.

On 25 June 2016 at 09:46, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> Another immensely popular tool for team, including open-source dev and
> user teams is slack - https://slack.com/
> HipChat is a alternative - https://hipchat.com/
>
> Host it yourself Slack-alikes using open-source include
> http://www.mattermost.org/ and https://www.zulip.org/
>
> These of these tools mentioned give plenty of integrations, including to
> iPhone/Android apps or gateways to email.
>
> Gooling for "slack spam' I found
> https://loganix.net/how-we-use-slack-to-beat-down-referral-spammers/. Not
> so much about email, but the guy's business was having faked HTTP-referrers
> (for some reason) and he'd written a slack-bot to purge such data from his
> backends.
>
> - Paul Hammant
>
>
>
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
>
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Another immensely popular tool for team, including open-source dev and user
teams is slack - https://slack.com/
HipChat is a alternative - https://hipchat.com/

Host it yourself Slack-alikes using open-source include
http://www.mattermost.org/ and https://www.zulip.org/

These of these tools mentioned give plenty of integrations, including to
iPhone/Android apps or gateways to email.

Gooling for "slack spam' I found
https://loganix.net/how-we-use-slack-to-beat-down-referral-spammers/. Not
so much about email, but the guy's business was having faked HTTP-referrers
(for some reason) and he'd written a slack-bot to purge such data from his
backends.

- Paul Hammant
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

K,


And IMHO, they can whitelist some of us ... can't they ?


No, I don't think they can.

The limitation is that the Fossil list is run on software (Mailman 
v2.1.14) that doesn't have any of these features that we've been 
imagining (myself included).


At the very least the list would have to be updated to a newer version 
of Mailman to get the ability to replace only the email address in the 
From, leaving the name intact. At least, I think that's what the option 
I read about does.


Beyond that, someone would have to come up with a patch to Mailman to 
implement one or more of the ideas. I've never looked at the source to 
Mailman, but I can't imagine the task would be trivial.


Shal
s...@cheshireeng.com

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

This change, if not reverted to something more pleasant, is going to kill
this mailing list.
I agree with Andy (at least, I think it was he) who said that not all
opinions are equally weighted; I like to know who's speaking before I
invest time in reading their post.
Spam is a perennial problem facing the whole internet (and even RL with
fliers in your mailbox and under your windscreen wipers, yadda). It's not
Fossil's job to Kill All Spam. We all have and use spam filters. It's just
a part of life. It's one of the unspoken rules of engagement when signing
up to participate online: you will be spammed; you will be trolled; welcome
aboard.

Barry (an almost nobody on this list, weight=$0.02)

On 25 June 2016 at 07:08, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> No, anonymity doesn't sucks...
> I want anonymity because as I said, people don't want or even can't show
> up there details.
> And IMHO, privacy is something that we would like to have for our safety
> and everyone else safety...
>
> Those who would like to be known, I suggest them to put the appropriate
> inof they may want in the signature.
> No one, not me at least, would be bothered about that...
>
> Only bad conduct should be banned, and I suppose that Fossil have got all
> the information to stop people.
> (IP adress, e-mail, etc.)
>
> PS: Hmmm... So no one is interested about my suggest ?
> (Why don't we go vote for the behavior we do want for this mailing list)
> Have a nice WE, everyone.
>
>
> Best Regards
>
> K.
>
>
> --
> *De :* Fossil SCM user's discussion <fossil-users@lists.fossil-scm.org>
> *À :* fossil-users@lists.fossil-scm.org
> *Envoyé le :* Vendredi 24 juin 2016 17h43
> *Objet :* Re: [fossil-users] More reply spam...
>
> On 6/23/2016 9:11 PM, Fossil SCM user's discussion wrote:
> > Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 09:24:26
> +0200:
> >> the tree-like nature of a thread is now gone (isn't it?)
> > No,  threading  should still  work.  Just  start  a  new thread  with  a
> > different  subject.  Typically  threading  is handled  by  Reference  or
> > In-Reply-To header analysis.
>
> We now have an example of a fresh thread. Anonymity still sucks, but at
> least threading does work.
>
> --
> Ross Berteig  r...@cheshireeng.com
> Cheshire Engineering Corp.  http://www.CheshireEng.com/
> <http://www.cheshireeng.com/>
> +1 626 303 1602
>
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
>
>
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
>
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Sat, Jun 25, 2016 at 1:18 AM, Fossil SCM user's discussion
 wrote:
> periodically ?
> Sometimes I do not even read my e-mails...

And sometimes you read only the first line, apparently.

> At least, Fossil knows who are not bot... (Am I a bot ? Seriously?)
> And IMHO, they can whitelist some of us ... can't they ?

As I already wrote, one on topic post on the list could give one a
perpetual pass. Or they will be whitelisted, if you prefer.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

periodically ?Sometimes I do not even read my e-mails...
At least, Fossil knows who are not bot... (Am I a bot ? Seriously?)And IMHO, 
they can whitelist some of us ... can't they ?


Best Regards

K.

  De : Fossil SCM user's discussion <fossil-users@lists.fossil-scm.org>
 À : Fossil SCM user's discussion <fossil-users@lists.fossil-scm.org> 
 Envoyé le : Vendredi 24 juin 2016 18h09
 Objet : Re: [fossil-users] More reply spam...
  


What about putting up a system which periodically sends out a request
to list subscribers to confirm they are not a bot? Like, answering a
simple question.

Those who don't pass could be put on hold and stop receiving emails
from the list.

The request could be sent only to subscribers which have never posted
to the list.

Sending one on topic email to the list could serve as a perpetual pass.

Just an idea.

PB
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


  ___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

No, anonymity doesn't sucks...I want anonymity because as I said, people don't 
want or even can't show up there details.And IMHO, privacy is something that we 
would like to have for our safety and everyone else safety...
Those who would like to be known, I suggest them to put the appropriate inof 
they may want in the signature.No one, not me at least, would be bothered about 
that...
Only bad conduct should be banned, and I suppose that Fossil have got all the 
information to stop people.(IP adress, e-mail, etc.)

PS: Hmmm... So no one is interested about my suggest ?(Why don't we go vote for 
the behavior we do want for this mailing list)Have a nice WE, everyone.

Best Regards

K.

  De : Fossil SCM user's discussion <fossil-users@lists.fossil-scm.org>
 À : fossil-users@lists.fossil-scm.org 
 Envoyé le : Vendredi 24 juin 2016 17h43
 Objet : Re: [fossil-users] More reply spam...
   
On 6/23/2016 9:11 PM, Fossil SCM user's discussion wrote:
> Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 09:24:26 +0200:
>> the tree-like nature of a thread is now gone (isn't it?)
> No,  threading  should still  work.  Just  start  a  new thread  with  a
> different  subject.  Typically  threading  is handled  by  Reference  or
> In-Reply-To header analysis.

We now have an example of a fresh thread. Anonymity still sucks, but at 
least threading does work.

-- 
Ross Berteig                              r...@cheshireeng.com
Cheshire Engineering Corp.          http://www.CheshireEng.com/
+1 626 303 1602
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


  ___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

This is what I've said ... (just show names if people do want that)
To block the bot isn't it easy to just say to Google, etc. and the mailman 
admin of the mailman website that is used by Fossil that there is a bot ?I'm 
quite sure that they may help.

 
Best Regards

K.

  De : Fossil SCM user's discussion <fossil-users@lists.fossil-scm.org>
 À : fossil-users@lists.fossil-scm.org 
 Envoyé le : Vendredi 24 juin 2016 7h54
 Objet : Re: [fossil-users] More reply spam...
   

Yes just remove the email address but not the name, and problem solved
in a better way until we find a solution to block this bot.

Cheers,

-- bohwaz
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


  ___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

What about putting up a system which periodically sends out a request
to list subscribers to confirm they are not a bot? Like, answering a
simple question.

Those who don't pass could be put on hold and stop receiving emails
from the list.

The request could be sent only to subscribers which have never posted
to the list.

Sending one on topic email to the list could serve as a perpetual pass.

Just an idea.

PB
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 6/23/2016 9:11 PM, Fossil SCM user's discussion wrote:

Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 09:24:26 +0200:

the tree-like nature of a thread is now gone (isn't it?)

No,  threading  should still  work.  Just  start  a  new thread  with  a
different  subject.  Typically  threading  is handled  by  Reference  or
In-Reply-To header analysis.


We now have an example of a fresh thread. Anonymity still sucks, but at 
least threading does work.


--
Ross Berteig   r...@cheshireeng.com
Cheshire Engineering Corp.   http://www.CheshireEng.com/
+1 626 303 1602
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 6/23/2016 11:22 PM, Fossil SCM user's discussion wrote:


I didn't write the MLM (It's "mailman" for what that's worth).  I
didn't even install it. ...

Do you have patches for us?
   
Alas, no. I'm not familiar with mailman or with Python. A glance at the 
mailman docs suggests that setting the from_is_list option to Munge From 
might be a way to replace the email address without losing the display 
part of the From. It is said to be less drastic than anonymous_list. 
Applies to Mailman 2.1.16 or newer.


That doesn't help us track down the bot member, but at least it should 
have less impact on discussions.


Shal

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Yes just remove the email address but not the name, and problem solved
in a better way until we find a solution to block this bot.

Cheers,

-- bohwaz
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Fri, Jun 24, 2016 at 2:16 AM, Fossil SCM user's discussion
 wrote:
>
> The trick is to figure out how to put a short nonce in each outbound subject
> line. Maybe just member serial number, but something unique to the
> recipient.

I didn't write the MLM (It's "mailman" for what that's worth).  I
didn't even install it. I don't know much about it.  It seems to be
written in Python and consists of lots of little scripts all scattered
hither and yon across the filesystem.  Probably there is some way to
modify the code to insert unique identifiers on each subject line, and
then track those back to a receipient.  But I don't know how to do
that.

Do you have patches for us?
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Dr. H.

> ... the bot's reply uses In-Reply-To and duplicates the subject line
> from a prior legitimate email.

There's your hook: the subject line.

The trick is to figure out how to put a short nonce in each outbound 
subject line. Maybe just member serial number, but something unique to 
the recipient.


519 members is only three characters, two if you base-26 it.

I suppose that might play havoc with email interfaces that thread by 
subject line.


Shal

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Thu, Jun 23, 2016 at 10:33 PM, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> Thus said Fossil SCM user's discussion on Fri, 24 Jun 2016 06:28:03 +0200:
>
> > This would be effective only if the spam is sent from the same address
> > subscribed to the list,  no? If it was so then it  would be trivial to
> > solve the problem.
>
> Yes, you're right, as  I realized in an email that  I apparently sent as
> you were composing your reply.
>
> As I  suggested, some profiling  could actually  be done to  discover if
> such an approach would be effective.
>

In a past situation on one of these mailing lists, someone wrote a script
to bisect the list and narrow down where the auto reply crap was coming
from. It was apparently quite effective


>
> Andy
> --
> TAI64 timestamp: 4000576cb845
>
>
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>



-- 
Scott Robison
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Fri, Jun 24, 2016 at 12:43 AM, Fossil SCM user's discussion
 wrote:
>
> How big *is* the current list of subscribers?

519 members

-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Brad here.

How big *is* the current list of subscribers?

-bch
On Jun 23, 2016 9:33 PM, "Fossil SCM user's discussion" <
fossil-users@lists.fossil-scm.org> wrote:

> Thus said Fossil SCM user's discussion on Fri, 24 Jun 2016 06:28:03 +0200:
>
> > This would be effective only if the spam is sent from the same address
> > subscribed to the list,  no? If it was so then it  would be trivial to
> > solve the problem.
>
> Yes, you're right, as  I realized in an email that  I apparently sent as
> you were composing your reply.
>
> As I  suggested, some profiling  could actually  be done to  discover if
> such an approach would be effective.
>
> Andy
> --
> TAI64 timestamp: 4000576cb845
>
>
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Fri, 24 Jun 2016 06:28:03 +0200:

> This would be effective only if the spam is sent from the same address
> subscribed to the list,  no? If it was so then it  would be trivial to
> solve the problem.

Yes, you're right, as  I realized in an email that  I apparently sent as
you were composing your reply.

As I  suggested, some profiling  could actually  be done to  discover if
such an approach would be effective.

Andy
-- 
TAI64 timestamp: 4000576cb845


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on 23 Jun 2016 22:23:47 -0600:

> Yes, I think this is the best  option actually, and one that I've used
> before. The  trick would  be to  setup a server  that does  not filter
> email, because if it filters out the spam before it can be reacted to,
> then we lose.

Well,  there's actually  one problem  with this  that would  be hard  to
overcome.  That's  knowing  the  actual  address  which  they  used  for
subscription.  Because From  headers and  Envelope From  headers can  be
fabricated, there's no  guarantee that the address they use  will be the
one they used to subscribe, but, at least it's an effort.

Some investigation  could be done  to analyze  the pattern (e.g.  see if
they use the subscription address when sending the spam or not) prior to
enabling such a thing.

Andy
-- 
TAI64 timestamp: 4000576cb7ed


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Fri, Jun 24, 2016 at 6:23 AM, Fossil SCM user's discussion
 wrote:

> Any email sent to the spam trap triggers an automatic unsubscription.

This would be effective only if the spam is sent from the same address
subscribed to the list, no?  If it was so then it would be trivial to
solve the problem.

(FWIW, I prefer the spam to this situation)

Cheers
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 13:38:24 -0700:

> Thinking slightly outside the box, I wonder if some sort of variant of
> a honey-pot could be made to work. Set up an "official" bot that posts
> daily. Have  it post  a joke of  the day, trivia,  help text  for each
> fossil command  in sequence, or  anything as  long as it  is different
> each post.  Post it from  a single-use  address, and use  each address
> exactly once, and  only for this post. A  name like Honey-[randomness]
> might work.

Yes, I think  this is the best  option actually, and one  that I've used
before. The trick would be to setup a server that does not filter email,
because if it filters out the spam  before it can be reacted to, then we
lose.

Any email sent to the spam trap triggers an automatic unsubscription.

Andy
-- 
TAI64 timestamp: 4000576cb5f7


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 18:05:16 +0700:

> Which prevents  the simple approach  we used on sqlite-users  to flush
> out the spammer. (this reply is mainly  so I can see the exciting spam
> messages everyone else is talking about...).

Too bad, it won't work. That's kind of the point of the experiment. Your
email address  is hidden, so  the only address  that the spammer  has is
fossil-users@lists.fossil-scm.org and  unless the  bot decides  to start
sending emails there and reveal himself, you won't get the spam.

Andy
-- 
TAI64 timestamp: 4000576cb506


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 13:02:33 +0200:

> I'd rather fossil not go there. [Google]

+1

Andy
-- 
TAI64 timestamp: 4000576cb4aa


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 06:57:46 -0400:

> Or you could  stick with this "from:fossil-users@lists.fossil-scm.org,
> to:  fossil-users@lists.fossil-scm.org" situation,  and lose  loads of
> goodwill.

Hopefully everyone understands this is ``an experiment'' for the moment.
:-) People are  expressing their opinions. Sooner or  later Richard will
decide what  the final outcome  is, but  hopefully it doesn't  cause the
loss of goodwill.

Andy
-- 
TAI64 timestamp: 4000576cb48e


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 06:48:38 -0400:

> Both  lists  require  moderator  action  on first  post  for  each  (a
> configuration choice). Google's  spam logic is really  good at picking
> out spam before moderators are asked  for action - maybe too good (you
> can't turn spam-filtering off).

How would this  help? The problem isn't moderation. I'm  sure if Richard
wanted, he  could enable moderation,  but that won't actually  solve the
problem under discussion.

Andy
-- 
TAI64 timestamp: 4000576cb41e


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 10:54:46 +0200:

> Finally not understanding why the list of subscribers cannot be better
> controlled, given the  underlying issue is a spammer  is subscribed to
> the ML.

Probably the  most flexibility  would come  from a  MLM that  allows the
subscribers to  customize their preference  (e.g. some may want  to have
the MLM hide their  From, while others may not). I don't  know if such a
mechanis exists in any modern MLMs.

Andy
-- 
TAI64 timestamp: 4000576cb3bc


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Thu, 23 Jun 2016 09:24:26 +0200:

> the tree-like nature of a thread is now gone (isn't it?)

No,  threading  should still  work.  Just  start  a  new thread  with  a
different  subject.  Typically  threading  is handled  by  Reference  or
In-Reply-To header analysis.

Andy
-- 
TAI64 timestamp: 4000576cb32e


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Thu, Jun 23, 2016 at 10:00 PM, Fossil SCM user's discussion
 wrote:
>
> The problem isn't that the messages are being posted to the ML, but that the
> bot is passively harvesting email addresses from messages it receives from
> the ML
>

Yes.  But more than that, the bot's reply uses In-Reply-To and
duplicates the subject line from a prior legitimate email.  This
allows it to sneak past spam filters that would otherwise reject it.


-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Thu, Jun 23, 2016 at 6:48 AM, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

>
> Both lists require moderator action on first post for each (a
> configuration choice).  Google's spam logic is really good at picking out
> spam before moderators are asked for action - maybe too good (you can't
> turn spam-filtering off).
>

The problem isn't that the messages are being posted to the ML, but that
the bot is passively harvesting email addresses from messages it receives
from the ML

Unless you are proposing that new subscribers not be sent messages until
they have successfully posted their first message.

Leaving the name in the From and replacing the address with a honey-pot
address may be the sanest work-around for the problem.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Thu, Jun 23, 2016 at 11:40 PM, Fossil SCM user's discussion
 wrote:

> Is the software for the mailing list open source? If so, can i get a link to
> its location.

https://www.gnu.org/software/mailman/

㎝

-- 
|:**THE BEER-WARE LICENSE** *(Revision 42)*:
|  wrote this mail. As long as you retain
| this notice you can do whatever you want with this stuff.
| If we meet some day, and you think this stuff is worth it,
| you can buy me a beer in return.
|--Carlo Miron :
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Is the software for the mailing list open source? If so, can i get a 
link to its location.


-
Scott Doctor
sc...@scottdoctor.com

On 06/23/2016 13:51, Fossil SCM user's discussion wrote:

Yes, very hard to follow anonymous discussion and returned copies.
Every other product I use has a forum and manages spam with moderation 
and user reporting. Forum threads are way more efficient to follow. 
Moot point if no bandwidth to administrate?


s k y 5 w a l k a t g m a i l d o t c o m  <-- argg :)

On Thu, Jun 23, 2016 at 4:38 PM, Fossil SCM user's discussion 
> wrote:


The current shape is almost unusable. I say "almost", because we
haven't had a new thread on an actual on-topic subject since it
was started, so all we have seen is an increasingly bushy
discussion of the mailing list. But experience tell me that the
community will wither and die if we don't find some middle ground.

On-list spam is easy to deal with. Identify the spam, ban the
sender. You can get more complicated than that, but it is easy
precisely because everyone gets to see the bad behavior,
especially the list owner.

Off-list spam is much harder for the list management to control.

While it is rare, I have received personal replies to my messages
posted to the list. In most cases, that has been valuable. As luck
has it, I have not received any "bad" messages that I can blame on
this list. But I have pretty solid and stable spam filters between
my inbox and the world.

Thinking slightly outside the box, I wonder if some sort of
variant of a honey-pot could be made to work. Set up an "official"
bot that posts daily. Have it post a joke of the day, trivia, help
text for each fossil command in sequence, or anything as long as
it is different each post. Post it from a single-use address, and
use each address exactly once, and only for this post. A name like
Honey-[randomness] might work.

Then, use mail sent to that name to identify and block the
spammer, and raise hell with its ISP. In the obvious cases, that
could be done completely automatically. Of course, the spammer
might get smarter, requiring deeper investigation. But at least
you'd have a chance of discovering the incident in a timely fashion.

This list is a valuable resource for new users and boosting
fossil's brand and credibility. It must not be allowed to die.

Finally, if switching off of your current platform becomes an
option, take a look at the relatively young Groups.io platform. It
was formed to combat feature rot in Yahoo Groups, and is also
trying to play in that niche of providing a service that is not
quite a forum, but not just a mailing list.

--Ross Berteig

On 6/22/2016 10:50 PM, Fossil SCM user's discussion wrote:

Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016
11:58:01 -0600:

This is how it happens:

1) spam bot subscribes to the mailing list
2) normal user subscribes to the mailing list and asks for help
3) spam bot receives a copy of the email delivered via the ML
4) spam bot sends an email directly to the sender (bypassing
the ML)

So, it is not  possible for the ML to solve  this problem via
filtering.
Some of the mechanisms it can use are:

1) make it harder to subscribe in hopes that the bot will be
unsuccessful
2) manipulate the From address in some fashion:
  a) substitute the ML address but leave the comment in place
  b) mangle the address so human can easily figure out the
*real* From
  c) completely anonymize From (current configuration)


Yes to all of the above. But above all, kill the current blinding
anonymity!

-- 
Ross Berteig  r...@cheshireeng.com

Cheshire Engineering Corp. http://www.CheshireEng.com/
+1 626 303 1602 
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org

http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users




___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Yes, very hard to follow anonymous discussion and returned copies.
Every other product I use has a forum and manages spam with moderation and
user reporting. Forum threads are way more efficient to follow. Moot point
if no bandwidth to administrate?

s k y 5 w a l k a t g m a i l d o t c o m  <-- argg :)

On Thu, Jun 23, 2016 at 4:38 PM, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> The current shape is almost unusable. I say "almost", because we haven't
> had a new thread on an actual on-topic subject since it was started, so all
> we have seen is an increasingly bushy discussion of the mailing list. But
> experience tell me that the community will wither and die if we don't find
> some middle ground.
>
> On-list spam is easy to deal with. Identify the spam, ban the sender. You
> can get more complicated than that, but it is easy precisely because
> everyone gets to see the bad behavior, especially the list owner.
>
> Off-list spam is much harder for the list management to control.
>
> While it is rare, I have received personal replies to my messages posted
> to the list. In most cases, that has been valuable. As luck has it, I have
> not received any "bad" messages that I can blame on this list. But I have
> pretty solid and stable spam filters between my inbox and the world.
>
> Thinking slightly outside the box, I wonder if some sort of variant of a
> honey-pot could be made to work. Set up an "official" bot that posts daily.
> Have it post a joke of the day, trivia, help text for each fossil command
> in sequence, or anything as long as it is different each post. Post it from
> a single-use address, and use each address exactly once, and only for this
> post. A name like Honey-[randomness] might work.
>
> Then, use mail sent to that name to identify and block the spammer, and
> raise hell with its ISP. In the obvious cases, that could be done
> completely automatically. Of course, the spammer might get smarter,
> requiring deeper investigation. But at least you'd have a chance of
> discovering the incident in a timely fashion.
>
> This list is a valuable resource for new users and boosting fossil's brand
> and credibility. It must not be allowed to die.
>
> Finally, if switching off of your current platform becomes an option, take
> a look at the relatively young Groups.io platform. It was formed to combat
> feature rot in Yahoo Groups, and is also trying to play in that niche of
> providing a service that is not quite a forum, but not just a mailing list.
>
> --Ross Berteig
>
> On 6/22/2016 10:50 PM, Fossil SCM user's discussion wrote:
>
>> Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016 11:58:01 -0600:
>> 
>> This is how it happens:
>>
>> 1) spam bot subscribes to the mailing list
>> 2) normal user subscribes to the mailing list and asks for help
>> 3) spam bot receives a copy of the email delivered via the ML
>> 4) spam bot sends an email directly to the sender (bypassing the ML)
>>
>> So, it is not  possible for the ML to solve  this problem via filtering.
>> Some of the mechanisms it can use are:
>>
>> 1) make it harder to subscribe in hopes that the bot will be unsuccessful
>> 2) manipulate the From address in some fashion:
>>   a) substitute the ML address but leave the comment in place
>>   b) mangle the address so human can easily figure out the *real* From
>>   c) completely anonymize From (current configuration)
>>
>
> Yes to all of the above. But above all, kill the current blinding
> anonymity!
>
> --
> Ross Berteig   r...@cheshireeng.com
> Cheshire Engineering Corp.   http://www.CheshireEng.com/
> +1 626 303 1602
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

The current shape is almost unusable. I say "almost", because we haven't 
had a new thread on an actual on-topic subject since it was started, so 
all we have seen is an increasingly bushy discussion of the mailing 
list. But experience tell me that the community will wither and die if 
we don't find some middle ground.


On-list spam is easy to deal with. Identify the spam, ban the sender. 
You can get more complicated than that, but it is easy precisely because 
everyone gets to see the bad behavior, especially the list owner.


Off-list spam is much harder for the list management to control.

While it is rare, I have received personal replies to my messages posted 
to the list. In most cases, that has been valuable. As luck has it, I 
have not received any "bad" messages that I can blame on this list. But 
I have pretty solid and stable spam filters between my inbox and the world.


Thinking slightly outside the box, I wonder if some sort of variant of a 
honey-pot could be made to work. Set up an "official" bot that posts 
daily. Have it post a joke of the day, trivia, help text for each fossil 
command in sequence, or anything as long as it is different each post. 
Post it from a single-use address, and use each address exactly once, 
and only for this post. A name like Honey-[randomness] might work.


Then, use mail sent to that name to identify and block the spammer, and 
raise hell with its ISP. In the obvious cases, that could be done 
completely automatically. Of course, the spammer might get smarter, 
requiring deeper investigation. But at least you'd have a chance of 
discovering the incident in a timely fashion.


This list is a valuable resource for new users and boosting fossil's 
brand and credibility. It must not be allowed to die.


Finally, if switching off of your current platform becomes an option, 
take a look at the relatively young Groups.io platform. It was formed to 
combat feature rot in Yahoo Groups, and is also trying to play in that 
niche of providing a service that is not quite a forum, but not just a 
mailing list.


--Ross Berteig

On 6/22/2016 10:50 PM, Fossil SCM user's discussion wrote:

Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016 11:58:01 -0600:

This is how it happens:

1) spam bot subscribes to the mailing list
2) normal user subscribes to the mailing list and asks for help
3) spam bot receives a copy of the email delivered via the ML
4) spam bot sends an email directly to the sender (bypassing the ML)

So, it is not  possible for the ML to solve  this problem via filtering.
Some of the mechanisms it can use are:

1) make it harder to subscribe in hopes that the bot will be unsuccessful
2) manipulate the From address in some fashion:
  a) substitute the ML address but leave the comment in place
  b) mangle the address so human can easily figure out the *real* From
  c) completely anonymize From (current configuration)


Yes to all of the above. But above all, kill the current blinding anonymity!

--
Ross Berteig   r...@cheshireeng.com
Cheshire Engineering Corp.   http://www.CheshireEng.com/
+1 626 303 1602
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Wed, Jun 22, 2016 at 10:54:47AM -0400, Fossil SCM user's discussion wrote:
> In an effort to thwart this attack, I have converted fossil-users into
> an "anonymous" list.  That means that the email address of senders is
> always stripped.  Replies can go to the mailing list only.

This makes the list IMO unusable. At the very least, please include the
original name, otherwise this is even worse than the DKIM support
forced by Google et al.

Joerg

PS: due to working spam filtering, I haven't even noticed the original
issue...
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Thu, Jun 23, 2016 at 06:48:38AM -0400, Fossil SCM user's discussion wrote:
> Michal - the answer is super-simple - move the email list to Google Groups.

Please no. I find Google Groups to be super painful. It also doesn't fix
the problem.

Joerg
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

* Fossil SCM user's discussion  [20160622 
16:40]:
> As anyone who has recently posted to this mailing lists probably
> already knows, some miscreant has again set up a reply-spam bot.
> Whenever you post to this list, the bot sends porn-spam as a private
> reply.  Because the reply is private, there is nothing the mailing
> list can do to filter it out.
> 
> In an effort to thwart this attack, I have converted fossil-users into
> an "anonymous" list.  That means that the email address of senders is
> always stripped.  Replies can go to the mailing list only.
> 
> This is an experiment.  If it does not work out, we'll try to come up
> with an alternative remediation to the reply-spam problem.

Replying to
1. vote against (destroys community conversation)
2. get the spam (curious
3. suggest either subscription moderation and/or an identity-preserving
header mangling sending the bot to a honeypot

qvb
--
pica
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Thu, Jun 23, 2016 at 6:48 AM, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> Michal - the answer is super-simple - move the email list to Google Groups.
>
>
>
I don't think that helps any because the spam is not coming through the
mailing list.  The spam is a direct reply to the sender that bypasses the
mailing list.  Google Groups can filter all it wants, and it still won't
stop the spam.

-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 06/23/2016 05:57 PM, Fossil SCM user's discussion wrote:



I agree. This sucks. Also writing because I want some juice spam
to inspect.
Finally not understanding why the list of subscribers cannot be better
controlled, given the underlying issue is a spammer is subscribed
to the ML.


The spammers bot is subscribing new accounts as needed to continue to 
do spam activity.


Which prevents the simple approach we used on sqlite-users to flush out 
the spammer. (this reply is mainly so I can see the exciting spam 
messages everyone else is talking about...).


Dan.





UNTIL the first postings of each correspondent is held pending 
moderator action (and for the sanity of the moderator - spam 
determination) the bot is always going to be able to outpace people 
attempts to thwart spam.


Or you could stick with this "from:fossil-users@lists.fossil-scm.org 
, to: 
fossil-users@lists.fossil-scm.org 
" situation, and lose loads 
of goodwill.


- Paul H




___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 2016-06-23 06:48:38, Fossil SCM user's discussion wrote:
> Both lists require moderator action on first post for each (a configuration
> choice).  

That's not exactly a feature that only google groups offers.


> Google's spam logic is really good at picking out spam before
> moderators are asked for action - maybe too good (you can't
> turn spam-filtering off).

I invite you to read 
http://www.usnews.com/opinion/articles/2016-06-22/google-is-the-worlds-biggest-censor-and-its-power-must-be-regulated
and reckon whether it's a good idea that someone who is coming to the fossil ML 
for
help might be deemed inappropriate by google and filtered out for some arcane 
reason. 
It's not like you have any rights to the data, the service, or anything once 
you sign up with
Google. Enjoy your non-freedom while it's cozy for you, and pat yourself on the 
back for
forcing users of your OSS to the biggest honeypot we currently have in this 
world.

I'd rather fossil not go there.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

>
>
> I agree. This sucks. Also writing because I want some juice spam to
> inspect.
> Finally not understanding why the list of subscribers cannot be better
> controlled, given the underlying issue is a spammer is subscribed to the
> ML.
>

The spammers bot is subscribing new accounts as needed to continue to do
spam activity. UNTIL the first postings of each correspondent is held
pending moderator action (and for the sanity of the moderator - spam
determination) the bot is always going to be able to outpace people
attempts to thwart spam.

Or you could stick with this "from:fossil-users@lists.fossil-scm.org, to:
fossil-users@lists.fossil-scm.org" situation, and lose loads of goodwill.

- Paul H
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Michal - the answer is super-simple - move the email list to Google Groups.

Here's a project I co-founded 12 years ago, Selenium. Devs use
https://groups.google.com/forum/#!forum/selenium-developers. Users use
*https://groups.google.com/forum/#!forum/selenium-users
*

Most people just post to the mail-list though and it functions as you'd
expect. You don't need to have a Google Account - just any email account
from any provider.

Both lists require moderator action on first post for each (a configuration
choice).  Google's spam logic is really good at picking out spam before
moderators are asked for action - maybe too good (you can't
turn spam-filtering off).

- Paul H


On Thu, Jun 23, 2016 at 3:24 AM, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> Hi,
>
> (I replied to the last message sent at this point, not to the original
> post in this thread)
>


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 2016-06-23 10:14:25, Fossil SCM user's discussion wrote:
> On Thu, 23 Jun 2016 07:26:02 +0200, Fossil SCM user's discussion  
>  wrote:
> 
> > Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016 10:54:47  
> > -0400:
> >

> and +1 to all of these points. the present approach replaces an (possbily  
> serious) annoyance (spam) with a real problem (destroying valuable and  
> important logical structure from the "set of posts" to the mail list).

I agree. This sucks. Also writing because I want some juice spam to inspect.
Finally not understanding why the list of subscribers cannot be better 
controlled, given the underlying issue is a spammer is subscribed to the ML.

-guess who
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Thu, 23 Jun 2016 07:26:02 +0200, Fossil SCM user's discussion  
 wrote:


Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016 10:54:47  
-0400:



This is an experiment.


Hopefully one that is short lived. :-)

It's pretty confusing to see a  bunch of emails coming from ``Fossil SCM
user's discussion'' in my MUA.

I often like to brain filter  messages (e.g. decide which emails to read
first according to sender) but this  will not work now that all messages
are ``anonymous''.

In addition, I like to know who is speaking *before* I start reading the
message because I think this is  important context. Sure, I suppose that
might bias my interpretation of the words  I see in the message, but I'm
willing to live with that. :-)

I've read through a  number of replies on this thread  and I'm still not
certain who sent them and don't really want to invest the time trying to
figure it  out. This is  exacerbated when the  signature is at  the very
bottom,  after a  long response,  and following  a bunch  of unnecessary
quoted material (e.g. what happens in a top-post reply).

Dealing with bots can be a tricky problem, but this is probably the only
time I've seen  anonymizing the emails employed as a  method for dealing
with  it. Now  that I've  seen  it, I  don't  think it's  a very  useful
technique.

What  if subscription  requests had  an additional  challenge aspect  to
them?

Just my 2 cents.


and +1 to all of these points. the present approach replaces an (possbily  
serious) annoyance (spam) with a real problem (destroying valuable and  
important logical structure from the "set of posts" to the mail list).


joerg



Andy



--
Using Opera's revolutionary email client: http://www.opera.com/mail/
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 23 June 2016 at 09:32, Michai Ramakers  wrote:
> strange... tree-view of a thread is present when viewing individual
> messages in the archive (e.g. my last mail,
> http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg23445.html),
> but not on the threads-overview page
> (http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/).

...and it's always been like this, I notice now. Not fully awake yet,
perhaps, sorry.

Michai
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

strange... tree-view of a thread is present when viewing individual
messages in the archive (e.g. my last mail,
http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg23445.html),
but not on the threads-overview page
(http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/).

Michai
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Hi,

(I replied to the last message sent at this point, not to the original
post in this thread)

Unfortunately I am not mailing-list clued, and I don't have a solution
for this current spam-problem.

With risk of stating the obvious:

the tree-like nature of a thread is now gone (isn't it?) This makes it
almost impossible for me to sensibly read a historical thread - which
I do often when searching for a solution to a problem or weirdness I'm
encountering.

And... somehow I have trouble dealing with "anonymous" postings (that
is, without a name at the bottom of the mail). New users posting a
quick question may typically not sign their email, because they expect
their email-address to be enough identification. Perhaps this is
something I have to get used to, I don't know. (In my head, the origin
of a post on this ML is often a hint to its relevance, or even
indication of whether it is an answer or question - drh and
experienced devs usually don't post too many questions here...)

I wouldn't be opposed to a forum-style list, provided I'd get a digest
(even if only with titles of newly posted messages) by email. (I would
probably never "poll" a forum for new posts; perhaps other people do.)

Interesting to see how this develops. I'll ask some mail-savvy friends
for possible solutions, but I guess there are mail-savvy people on
this list already.

Michai
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

I too find this very confusing. I don't know who each message is from. Many
people (myself included) don't have their name by default in their
signature (if they even have one) and asking everyone to either add one for
every email they send to anyone or to manually remember to sign each post
to this mailing list seems like too much. Maybe there are other email
clients that can add a signiture based on the "To:" field, but gmail can't,
so it is all email or manually for this list. And even if this is done, it
is still confusing having to read down to the bottom in order to see who it
is, and not being able to skim back to find the reply from X is annoying.

Can a filter be added to ML to (silently) ban any email address of the form
mentioned above by reply #3 (or #4, counting the original post)? (I think
this is a fine example of the problem: I had to reopen each reply to find
the one that had that, and then count to figure out how to reference it)

Baruch

-- 
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Fossil SCM user's discussion
 writes:

> Hopefully one that is short lived. :-)

+1

> It's pretty confusing to see a  bunch of emails coming from ``Fossil SCM
> user's discussion'' in my MUA.

+1

> In addition, I like to know who is speaking *before* I start reading the
> message because I think this is  important context. Sure, I suppose that
> might bias my interpretation of the words  I see in the message, but I'm
> willing to live with that. :-)

+1

I was also victim of that ’private email’ in the past, but the present
sitaution is really confusing not knowing who is speaking etc.


Sincerely,
Gour

-- 
From wherever the mind wanders due to its flickering and unsteady
nature, one must certainly withdraw it and bring it back under
the control of the self.

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016 11:58:01 -0600:

> Just filter it, either at the  mailing list or at each client. Problem
> solved.

I  think this  is  the  most sensible  approach,  however,  in the  case
presented, it isn't  possible to filter at the mailing  list because the
spam did not go to the mailing list.

This is how it happens:

1) spam bot subscribes to the mailing list
2) normal user subscribes to the mailing list and asks for help
3) spam bot receives a copy of the email delivered via the ML
4) spam bot sends an email directly to the sender (bypassing the ML)

So, it is not  possible for the ML to solve  this problem via filtering.
Some of the mechanisms it can use are:

1) make it harder to subscribe in hopes that the bot will be unsuccessful
2) manipulate the From address in some fashion:
  a) substitute the ML address but leave the comment in place
  b) mangle the address so human can easily figure out the *real* From
  c) completely anonymize From (current configuration)

Dealing with spam is always difficult because there really isn't an easy
way.

Andy
-- 
TAI64 timestamp: 4000576b78c3


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016 11:58:01 -0600:

> > No, it is a huge PR problem.
>
> Huge?

Maybe not to some, but, it's certainly not something that we want coming
as a result of emails to the ML.

> I never correlated the posting to this list and the spam replies. I've
> got  so much  spam coming  in  from so  many sources  that there's  no
> telling where it all originated.

It's  easy for  me to  tell because  the email  address that  I use  for
posting to this mailing list is unique to this mailing list. So if I get
spam sent  to this address,  I know it came  as a result  of association
with this list. It may be  that it came through mailing list harvesting,
but when a  piece of spam comes  almost immediately after I  post to the
ML, it's pretty much certain there is a bot on the ML.

> Even one who  does manage to correlate the two  should not assume that
> the Fossil organization is the one sending such messages out.

They  shouldn't,  but   you  assume  that  all  people   have  the  same
understanding of ``how things work'' and I assure, this is not the case.

Andy
-- 
TAI64 timestamp: 4000576b748b


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Thus said Fossil SCM user's discussion on Wed, 22 Jun 2016 10:54:47 -0400:

> This is an experiment.

Hopefully one that is short lived. :-)

It's pretty confusing to see a  bunch of emails coming from ``Fossil SCM
user's discussion'' in my MUA.

I often like to brain filter  messages (e.g. decide which emails to read
first according to sender) but this  will not work now that all messages
are ``anonymous''.

In addition, I like to know who is speaking *before* I start reading the
message because I think this is  important context. Sure, I suppose that
might bias my interpretation of the words  I see in the message, but I'm
willing to live with that. :-)

I've read through a  number of replies on this thread  and I'm still not
certain who sent them and don't really want to invest the time trying to
figure it  out. This is  exacerbated when the  signature is at  the very
bottom,  after a  long response,  and following  a bunch  of unnecessary
quoted material (e.g. what happens in a top-post reply).

Dealing with bots can be a tricky problem, but this is probably the only
time I've seen  anonymizing the emails employed as a  method for dealing
with  it. Now  that I've  seen  it, I  don't  think it's  a very  useful
technique.

What  if subscription  requests had  an additional  challenge aspect  to
them?

Just my 2 cents.

Andy
-- 
TAI64 timestamp: 4000576b730e


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Hello again,
One of the biggest mistakes I've noticed with many software projects is that 
they do think that "trying to force people to give bugs they've found in a 
website like github, is a good idea". I say it's wrong.
a) Most people prefer e-mail to inform.b) most people don't have time to check 
the github website unless they are clearly IT Project leader (or something 
close to that such as software developers)...c) Sometimes they could not afford 
to show their details because the project they work with do not allow it...
d) most of the time, points of view of people who know nothing about the 
project are interesting because they could see something that usual 
users/developers may not notice.And those people do not use Github, or if we 
prefer, they don't even know that it really exists...
My two cents.

Best Regards

K.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Hello,
I am happy that finally Fossil decided to take more seriously this issue.As I 
said in the past, I do prefer that no names are displayed. Of course the issue 
stated here is not about name, but this is one side effect of what I've 
said...(When people details are sent to the public, many people gets angry for 
example...)
However, if some people would like to be known, just put your signature like 
:me at yahoo dot fr (no it is not my e-mail :-D)Web site is my dot website dot 
com.

In the past, we received what we've sent and recently it was not the case which 
was a bit annoying because we don't know if *our* mail was really sent or not 
...If people would like to see others names, I suggest that it could be seen, 
INSIDE the body of the mail but not in the reply thing (don't remember the name 
of the reply thing : I'm sorry about that).
2/ Some people ask for a forum :Good idea IF people have time to subscribe (say 
login  pass couple) go check for it.Another advantage is that people could have 
a topic to follow if necessary...
Bad idea when we most of the time can't take time to go there ...Most people 
would like to follow the main discusses and sometimes some little question 
could be send ...

3/ Suggests :a) Could you ask people to vote :yes means we would like our names 
to be seen, and no if we don't want that behavior?
b) Why don't you create a way to put some main questions in a forum ?Some 
criteria could be the number of responses ...(I *never* said that it is easy to 
do of course)
 
Best Regards

K.

  De : Fossil SCM user's discussion 
 À : fossil-users@lists.fossil-scm.org 

  ___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

One way to find out which subscriber is (knowingly or unknowingly) behind 
this problem is to have the mail list send out messages augmented with the 
actual recipient's email (preferrably as "xxx at domain xxx dot xxx" to not 
be immediately obvious to possible scripts that may remove them) as part of 
the body of the email.  Then, the porn should come back with that 
information as it appears to always quote the original message.  It should 
quickly reveal what email address is behind this, and that address can be 
banned from the list.


-Original Message- 
From: Fossil SCM user's discussion

Sent: Wednesday, June 22, 2016 7:42 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] More reply spam...

On Wed, Jun 22, 2016 at 11:20:56AM -0400, Fossil SCM user's discussion 
wrote:

On 6/22/16, Fossil SCM user's discussion
<fossil-users@lists.fossil-scm.org> wrote:
> The only problem (or annoyance) I see with that is that we don't know 
> from

> who the email come from unless we look at the signature at the bottom.

I agree.  I just don't know of an alternative.  Suggestions are welcomed!


I don't know how flexible is the Mail list system, but if possible, may
be it could take the name of the original "From:" field, but keep
the mailing list email.

Example:

 - Email received by the server:

From: John Smith <johnsm...@someisp.com>
To: Fossil User Mailing list <fossil-users@lists.fossil-scm.org>




 - Email sent back to the member of the list

 From: John Smith <fossil-users@lists.fossil-scm.org>
To: Fossil User Mailing list <fossil-users@lists.fossil-scm.org>





I have no clue if it's possible, but it would be a good compromise.

Regards

--
Martin G.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users 


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

What about stripping the email address in the  but leave the 
display name. Not sure if that capability exists.



-
Scott Doctor
sc...@scottdoctor.com

On 06/22/2016 11:12, Fossil SCM user's discussion wrote:

It's a disaster to not have the sender in the usual sender FROM: place. Migrate 
to google-groups  which is super successful for open source projects -- Paul 
Hammant, noob to fossil, 16 yr veteran of making OSS for others.

Sent from my iPhone


On Jun 22, 2016, at 11:15 AM, Fossil SCM user's discussion 
 wrote:

The only problem (or annoyance) I see with that is that we don't know from who 
the email come from unless we look at the signature at the bottom.

--
Martin G.


Le 22 juin 2016 à 10:54, Fossil SCM user's discussion 
 a écrit :

As anyone who has recently posted to this mailing lists probably
already knows, some miscreant has again set up a reply-spam bot.
Whenever you post to this list, the bot sends porn-spam as a private
reply.  Because the reply is private, there is nothing the mailing
list can do to filter it out.

In an effort to thwart this attack, I have converted fossil-users into
an "anonymous" list.  That means that the email address of senders is
always stripped.  Replies can go to the mailing list only.

This is an experiment.  If it does not work out, we'll try to come up
with an alternative remediation to the reply-spam problem.

--
D. Richard Hipp
d...@sqlite.org


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

It's a disaster to not have the sender in the usual sender FROM: place. Migrate 
to google-groups  which is super successful for open source projects -- Paul 
Hammant, noob to fossil, 16 yr veteran of making OSS for others.

Sent from my iPhone

> On Jun 22, 2016, at 11:15 AM, Fossil SCM user's discussion 
>  wrote:
> 
> The only problem (or annoyance) I see with that is that we don't know from 
> who the email come from unless we look at the signature at the bottom.
> 
> -- 
> Martin G. 
> 
>> Le 22 juin 2016 à 10:54, Fossil SCM user's discussion 
>>  a écrit :
>> 
>> As anyone who has recently posted to this mailing lists probably
>> already knows, some miscreant has again set up a reply-spam bot.
>> Whenever you post to this list, the bot sends porn-spam as a private
>> reply.  Because the reply is private, there is nothing the mailing
>> list can do to filter it out.
>> 
>> In an effort to thwart this attack, I have converted fossil-users into
>> an "anonymous" list.  That means that the email address of senders is
>> always stripped.  Replies can go to the mailing list only.
>> 
>> This is an experiment.  If it does not work out, we'll try to come up
>> with an alternative remediation to the reply-spam problem.
>> 
>> -- 
>> D. Richard Hipp
>> d...@sqlite.org
> 
> 
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Jun 22, 2016, at 10:24 AM, Fossil SCM user's discussion 
 wrote:
> 
> > Live with the spam.  It’s small potatoes as problems go.
> 
> No, it is a huge PR problem.

“Huge?”

Breaking news, the Internet is full of porn.  Film at 11.

(No, not *that* kind of film!)

> Innocent users find Fossil and have a quick question, so they send a message 
> to the list and immediately get back porn.  Not a good first impression.

I never correlated the posting to this list and the spam replies.  I’ve got so 
much spam coming in from so many sources that there’s no telling where it all 
originated.

Even one who does manage to correlate the two should not assume that the Fossil 
organization is the one sending such messages out.  They aren’t marked as such, 
and they’re pretty clearly off-topic.  There is no reason to suppose they’re 
intentionally linked.

I’m not saying it’s not a problem.  As I said, I quickly took the extraordinary 
step here to prefilter such messages.  I don’t need an NSFW problem with my 
boss looking over my shoulder.  I am saying that breaking the mailing list just 
to deal with this one problem is overkill.

Just filter it, either at the mailing list or at each client.  Problem solved.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Stephan wrote:

Ah, another apparent side effect of this change is that users now get 
a copy of their own posts sent to them. That wasn't the case before.


As the unsigned person said, suppressing your own message on its return 
to you is a feature of some email systems - specifically including gmail.


Gmail operates by comparing the received Message-ID field to those you 
sent. The recent change caused the Message-ID field to be replaced as 
well as the From field, so gmail no longer sees the returned message as 
"the same message" as any you sent.


Shal

(sorry about the previous misfire - accidentally hit send before I'd 
edited the message body)


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

--
Shal Farley
Cheshire Engineering Corporation
+1 626 303 1602
http://www.CheshireEng.com


On 6/22/2016 10:19 AM, Fossil SCM user's discussion wrote:
On Wed, Jun 22, 2016 at 7:17 PM, Fossil SCM user's discussion 
> wrote:




On Wed, Jun 22, 2016 at 7:07 PM, Fossil SCM user's discussion
> wrote:

Is it too much overhead to create/maintain a Fossil forum page
with phpBB or similar? A mail list seems so linear to capture
diverse ideas and proposed solutions. Let alone, scanning past
issues is far from efficient.


Forums are unfortunately no less subject to spam than email is
(the main advantage is that it's possible to remove spam from
forums, which leads us nicely to my next point...), and have much
higher maintenance costs (time/effort) than mailing lists.

-- 
- stephan beal



Ah, another apparent side effect of this change is that users now get 
a copy of their own posts sent to them. That wasn't the case before.


--
- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
"Freedom is sloppy. But since tyranny's the only guaranteed byproduct 
of those who insist on a perfect world, freedom will have to do." -- 
Bigby Wolf



___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
   
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 22 June 2016 at 10:07, Fossil SCM user's discussion
 wrote:
> Is it too much overhead to create/maintain a Fossil forum page with phpBB or
> similar? A mail list seems so linear to capture diverse ideas and proposed
> solutions. Let alone, scanning past issues is far from efficient.


I think it's less efficient as the user must first create an account,
maybe wait for moderation, and post a message. Then there's always the
struggle with it being mis-posted so a moderator would need to move
the message to the correct spot. Forums are good for non-software type
things, IMO.

-- 
sean
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Jun 22, 2016, at 11:19 AM, Fossil SCM user's discussion 
 wrote:
> 
> Ah, another apparent side effect of this change is that users now get a copy 
> of their own posts sent to them. That wasn't the case before.

You did still get a copy of your own messages before, but in the old scheme, 
the returned message’s headers matched the ones your mailer sent, so most 
mailers are smart enough to suppress those duplicates.  The change introduces 
enough differences to break that echo suppression.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

> Le 22 juin 2016 à 13:19, Fossil SCM user's discussion 
>  a écrit :
> 
>> On Wed, Jun 22, 2016 at 7:17 PM, Fossil SCM user's discussion 
>>  wrote:
>> 
>> 
>>> On Wed, Jun 22, 2016 at 7:07 PM, Fossil SCM user's discussion 
>>>  wrote:
>>> Is it too much overhead to create/maintain a Fossil forum page with phpBB 
>>> or similar? A mail list seems so linear to capture diverse ideas and 
>>> proposed solutions. Let alone, scanning past issues is far from efficient.
>> 
>> Forums are unfortunately no less subject to spam than email is (the main 
>> advantage is that it's possible to remove spam from forums, which leads us 
>> nicely to my next point...), and have much higher maintenance costs 
>> (time/effort) than mailing lists.
>> 
>> -- 
>> - stephan beal
> 
> Ah, another apparent side effect of this change is that users now get a copy 
> of their own posts sent to them. That wasn't the case before.
> 

Which is nice ...

-- 
Martin G.___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Wed, Jun 22, 2016 at 7:17 PM, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

>
>
> On Wed, Jun 22, 2016 at 7:07 PM, Fossil SCM user's discussion <
> fossil-users@lists.fossil-scm.org> wrote:
>
>> Is it too much overhead to create/maintain a Fossil forum page with phpBB
>> or similar? A mail list seems so linear to capture diverse ideas and
>> proposed solutions. Let alone, scanning past issues is far from efficient.
>>
>
> Forums are unfortunately no less subject to spam than email is (the main
> advantage is that it's possible to remove spam from forums, which leads us
> nicely to my next point...), and have much higher maintenance costs
> (time/effort) than mailing lists.
>
> --
> - stephan beal
>

Ah, another apparent side effect of this change is that users now get a
copy of their own posts sent to them. That wasn't the case before.

-- 
- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
"Freedom is sloppy. But since tyranny's the only guaranteed byproduct of
those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Wed, Jun 22, 2016 at 7:07 PM, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> Is it too much overhead to create/maintain a Fossil forum page with phpBB
> or similar? A mail list seems so linear to capture diverse ideas and
> proposed solutions. Let alone, scanning past issues is far from efficient.
>

Forums are unfortunately no less subject to spam than email is (the main
advantage is that it's possible to remove spam from forums, which leads us
nicely to my next point...), and have much higher maintenance costs
(time/effort) than mailing lists.

-- 
- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
"Freedom is sloppy. But since tyranny's the only guaranteed byproduct of
those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Is it too much overhead to create/maintain a Fossil forum page with phpBB
or similar? A mail list seems so linear to capture diverse ideas and
proposed solutions. Let alone, scanning past issues is far from efficient.

On Wed, Jun 22, 2016 at 1:01 PM, Fossil SCM user's discussion <
fossil-users@lists.fossil-scm.org> wrote:

> Put or keep the sender's display name (in their original From field) in
> the display name part of the From: address. That way your messages would be
> from:
>
> Richard Hipp 
> 
>
> That way who sent the message will still be evident in most email
> interfaces, and most automatic quote headers won't be as blind either (see
> quotes below).
>
> A slightly more complicated variation is to also reform the user name
> portion of the from address to include an encoding of the sender's email
> address:
>
> Richard Hipp 

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

Put or keep the sender's display name (in their original From field) in 
the display name part of the From: address. That way your messages would 
be from:


Richard Hipp 

That way who sent the message will still be evident in most email 
interfaces, and most automatic quote headers won't be as blind either 
(see quotes below).


A slightly more complicated variation is to also reform the user name 
portion of the from address to include an encoding of the sender's email 
address:


Richard Hipp 

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Wed, Jun 22, 2016 at 11:20:56AM -0400, Fossil SCM user's discussion wrote:
> On 6/22/16, Fossil SCM user's discussion
>  wrote:
> > The only problem (or annoyance) I see with that is that we don't know from
> > who the email come from unless we look at the signature at the bottom.
> 
> I agree.  I just don't know of an alternative.  Suggestions are welcomed!

I don't know how flexible is the Mail list system, but if possible, may
be it could take the name of the original "From:" field, but keep
the mailing list email.

Example:

  - Email received by the server:

From: John Smith 
To: Fossil User Mailing list 




  - Email sent back to the member of the list

From: John Smith 
To: Fossil User Mailing list 





I have no clue if it's possible, but it would be a good compromise.

Regards

-- 
Martin G.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On Jun 22, 2016, at 9:20 AM, Fossil SCM user's discussion 
 wrote:
> 
> On 6/22/16, Fossil SCM user's discussion
>  wrote:
>> The only problem (or annoyance) I see with that is that we don't know from
>> who the email come from unless we look at the signature at the bottom.
> 
> I agree.

I haven’t used an email signature in many years now.  I found reasons to drop 
one line at a time from the 4+ lines I used to send, until I removed the last 
one and didn’t miss it.

(You don’t need my phone number, you don’t need my web site address, you don’t 
need my pithy quote, you don’t need my Geek Code, and you don’t need my ICBM 
Address.)

Now you’re saying I need to start using one again just to identify myself on 
this list?

> I just don't know of an alternative.

Live with the spam.  It’s small potatoes as problems go.

I don’t know if we’re talking about the same spam, but the stuff I’m getting 
has a pretty simple pattern in its X-Authenticated-Sender header that makes it 
easy to send straight to the trash.  I haven’t seen any of that in weeks, since 
the last minor adjustment to the rule.

I’d post the rule here, but then this message would probably get caught up in 
someone’s aggressive spam filter.  Just take a look at any two such messages, 
and you’ll probably see the same pattern.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

On 6/22/16, Fossil SCM user's discussion
 wrote:
> The only problem (or annoyance) I see with that is that we don't know from
> who the email come from unless we look at the signature at the bottom.

I agree.  I just don't know of an alternative.  Suggestions are welcomed!

>
> --
> Martin G.
>
>> Le 22 juin 2016 à 10:54, Fossil SCM user's discussion
>>  a écrit :
>>
>> As anyone who has recently posted to this mailing lists probably
>> already knows, some miscreant has again set up a reply-spam bot.
>> Whenever you post to this list, the bot sends porn-spam as a private
>> reply.  Because the reply is private, there is nothing the mailing
>> list can do to filter it out.
>>
>> In an effort to thwart this attack, I have converted fossil-users into
>> an "anonymous" list.  That means that the email address of senders is
>> always stripped.  Replies can go to the mailing list only.
>>
>> This is an experiment.  If it does not work out, we'll try to come up
>> with an alternative remediation to the reply-spam problem.
>>
>> --
>> D. Richard Hipp
>> d...@sqlite.org
>
>
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>


-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] More reply spam...

[Fossil SCM user's discussion]

The only problem (or annoyance) I see with that is that we don't know from who 
the email come from unless we look at the signature at the bottom.

-- 
Martin G. 

> Le 22 juin 2016 à 10:54, Fossil SCM user's discussion 
>  a écrit :
> 
> As anyone who has recently posted to this mailing lists probably
> already knows, some miscreant has again set up a reply-spam bot.
> Whenever you post to this list, the bot sends porn-spam as a private
> reply.  Because the reply is private, there is nothing the mailing
> list can do to filter it out.
> 
> In an effort to thwart this attack, I have converted fossil-users into
> an "anonymous" list.  That means that the email address of senders is
> always stripped.  Replies can go to the mailing list only.
> 
> This is an experiment.  If it does not work out, we'll try to come up
> with an alternative remediation to the reply-spam problem.
> 
> -- 
> D. Richard Hipp
> d...@sqlite.org


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users