>>>>> "Nigel" == Nigel Metheringham <[EMAIL PROTECTED]> writes:

Nigel> On Wed, 2004-09-01 at 10:41 -0400, J C Lawrence wrote:
>> On Wed, 01 Sep 2004 11:16:05 +0100
>> Nigel Metheringham <[EMAIL PROTECTED]> wrote:

>>> I seem now to be getting posts to the list forged from
>>> addresses of list members (or in one case a list itself). The
>>> rejection of these so far has been pretty much by sheer luck
>>> (they failed the content policy checks).

>>> Are other people seeing this?

ISTR a spam from "Barry Warsaw" on the python-dev list. <wink>

>> Yup, to the tune of several score per day per list, tho I don't
>> distinguish between SPAM and virus mail in this regard.

Nigel> OK, maybe I have been lucky. Although getting the member
Nigel> list other than by archive trawling isn't possible - EU
Nigel> data protection laws mean that I routinely not only block
Nigel> list roster access but remove the appropriate fragments
Nigel> from the list info pages.

I think you have been lucky, either in choosing members who don't use Windows, or members who do but nonetheless don't catch viruses.

What I see a fair amount of is mail "from" a list member to the list, that has gone through a bunch of machines that seem to be a legit ISP not that of the member. Ie, it's one of those Yenta viruses that matches up two address book entries, one as the sender, one as the receiver. Spammers seem to have figured this or a similar trick out, as well. Or maybe the spammer's agent is such a virus.

jcl> I use TMDA as a C/R system in front of all my lists and then
jcl> remove all posting controls on the lists at the Mailman level.
jcl> Given that the majority of list members never even try to post,
jcl> this has been proven a particularly effective control.

Since the majority of spam uses faked addresses all around, except on the envelope, I can see why.

I'm afraid you may be in for a nasty surprise in the near future (at least if you run open-subscribe lists, even with confirmation) as I've witnessed two recent incidents where the spammer subscribed to a members-only-post list, then spammed. Since the confirmation for the subscription requires a valid address, the TMDA challenge would go there, too!

Nigel> I am wondering about switching to the Mailman members
Nigel> initially moderated policy, although I don't really want to
Nigel> increase the load on the moderators.

This will help prevent spammers from signing up for a one-time spam on a members-only-post list, but otherwise, it doesn't help much, I think. A lot of the spam/spew I see is "from" charter members who have been around for a decade.

Nigel> What might add something would be an option where posters
Nigel> get a response back on postings similar to the current
Nigel> message held for moderation where they have a choice of
Nigel> actions - post or cancel at a minimum.

It would for a while, but the spammer has a big advantage here once he figures it out. He just bounces back a response to _all_ such challenges, whereas a conscientious member will have to check (at least his memory) whether he posted or not.

OTOH, if it goes to the forged address of a legit member, that would be an annoyance to someone whose only sin is to have thrown snake eyes in the "spammer alias" lottery.

Nigel> It's recently been requested that we start allowing some
Nigel> MIME parts through - especially PGP signature types

There's your answer---_require_ a PGP signature. <0.5 wink>

I've seriously considered doing that, not as a requirement, but as a "self-approval" mechanism. People with known signatures can post without being molested by the filters, everybody else runs the gamut. But I think it would be a lot of work for little profit in my situation.

HTH. Unfortunately, I dunno what the answer is, and the death penalty more and more seems like a step in the right direction. :-(

--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.