A year or so ago, after the run of spam from Turkey, I emailed Sally
suggesting that she arrange to have the FutureWork list reconfigured
so that only subscribers could post to it. I'm pretty sure that she
replied that the tech people had assured her that there was no way to
do that.
Then I emailed [EMAIL PROTECTED] about it and had no
reply.
Given the current state of the net, all mail lists should be
configured so that:
Only mail from validly subscribed addresses is posted to the list.
A subscription request is answered with a confirmation message
sent to the subscribing address and a confirmation originating from
that address is required before the new address is subscribed to
the list.
FutureWork does not appear to be so configured. The software exists
to do this although I'm not familiar with the details of majordomo,
the software that runs FutureWork. FutureWork is completely
unprotected from a flood of spam until such measures are implemented.
In addition, it is a good idea, albeit the subject of some
controversy, to filter all mail to the list through somthing like the
MAPS RBL list of known spammer and open relay addresses. Some of this
recent spam was relayed through an open server in China.
Regretably, as a subscriber I have no authority to pursue this with
the list admin(s) at U. Waterloo and it appears that they have been
unresponsive to Sally's inquiries about spam protection.
The last time I checked, the admin *had* disabled the "review" command
on the list server so that a spammer can no longer subscribe, dump the
list of subscribed addresses into his database and unsubscribe.
Since the solution to this problem is at least partly technical,
mail to [EMAIL PROTECTED] might be constructive.
- Mike
---
Michael Spencer Nova Scotia, Canada
http://home.tallships.ca/mspencer/
