>>>>> "Nigel" == Nigel Metheringham <[EMAIL PROTECTED]> writes:
Nigel> On Wed, 2004-09-01 at 10:41 -0400, J C Lawrence wrote:
>> On Wed, 01 Sep 2004 11:16:05 +0100
>> Nigel Metheringham <[EMAIL PROTECTED]> wrote:
>>> I seem now to be getting posts to the list forged from
>>> addresses of list members (or in one case a list itself). The
>>> rejection of these so far has been pretty much by sheer luck
>>> (they failed the content policy checks).
>>> Are other people seeing this?
ISTR a spam from "Barry Warsaw" on the python-dev list. <wink>
>> Yup, to the tune of several score per day per list, tho I don't
>> distinguish between SPAM and virus mail in this regard.
Nigel> OK, maybe I have been lucky. Although getting the member
Nigel> list other than by archive trawling isn't possible - EU
Nigel> data protection laws mean that I routinely not only block
Nigel> list roster access but remove the appropriate fragments
Nigel> from the list info pages.
I think you have been lucky, either in choosing members who don'tuse
Windows, or members who do but nonetheless don't catch viruses. What
I see a fair amount of is mail "from" a list member to the list, that
has gone through a bunch of machines that seem to be a legit ISP not
that of the member. Ie, it's one of those Yenta viruses that matches
up two address book entries, one as the sender, one as the receiver.
Spammers seem to have figured this or a similar trick out, as well.
Or maybe the spammer's agent is such a virus.
jcl> I use TMDA as a C/R system in front of all my lists and then
jcl> remove all posting controls on the lists at the Mailman level.
jcl> Given that the majority of list members never even try to post,
jcl> this has been proven a particularly effective control.
Since the majority of spam uses faked addresses all around, except on
the envelope, I can see why. I'm afraid you may be in for a nasty
surprise in the near future (at least if you run open-subscribe lists,
even with confirmation) as I've witnessed two recent incidents where
the spammer subscribed to a members-only-post list, then spammed.
Since the confirmation for the subscription requires a valid address,
the TMDA challenge would go there, too!
Nigel> I am wondering about switching to the Mailman members
Nigel> initially moderated policy, although I don't really want to
Nigel> increase the load on the moderators.
This will help prevent spammers from signing up for a one-time spam on
a members-only-post list, but otherwise, it doesn't help much, I
think. A lot of the spam/spew I see is "from" charter members who
have been around for a decade.
Nigel> What might add something would be an option where posters
Nigel> get a response back on postings similar to the current
Nigel> message held for moderation where they have a choice of
Nigel> actions - post or cancel at a minimum.
It would for a while, but the spammer has a big advantage here once he
figures it out. He just bounces back a response to _all_ such
challenges, whereas a conscientious member will have to check (at
least his memory) whether he posted or not. OTOH, if it goes to the
forged address of a legit member, that would be an annoyance to
someone whose only sin is to have thrown snake eyes in the "spammer
alias" lottery.
Nigel> Its recently been requested that we start allowing some
Nigel> MIME parts through - especially PGP signature types
There's your answer---_require_ a PGP signature. <0.5 wink>
I've seriously considered doing that, not as a requirement, but as a
"self-approval" mechanism. People with known signatures can post
without being molested by the filters, everybody else runs the gamut.
But I think it would be a lot of work for little profit in my
situation.
HTH. Unfortunately, I dunno what the answer is, and the death penalty
more and more seems like a step in the right direction. :-(
--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
