On Fri, Feb 9, 2018 at 1:41 PM Philip Paeps <phi...@trouble.is> wrote:

> On 2018-02-09 20:46:41 (+0100), Brandon Long wrote:
> > On Fri, Feb 9, 2018 at 6:13 AM Philip Paeps <phi...@trouble.is> wrote:
> >> On 2018-02-07 17:05:59 (-0800), Michael Peddemors wrote:
> >>> Spammers are abusing Google Groups lists of course, and I am sure
> >>> they are working on it
> >>
> >> It would be nice if the Google Groups would "confirm opt-in" like
> >> other mailing lists.
> >
> > Have you ever tried to set up a mailing list for your family or
> > school?
> Sure.  It seems polite to send people an invitation and ask them if
> they'd actually like to join the mailing list.
> > Does your company have mailing lists and require opt-in for them?
> I'm self-employed. ;)  But customers have mailing lists.  These are very
> different from the "school" or "family" example though.
> > There are plenty of scenarios where its pretty impractical.
> Unfortunately, making things "practical" is also very convenient for
> spammers.
> > It would certainly be easier for the abuse team to require opt-in, but
> > then it would be a much less useful tool for a wide variety of use
> > cases that aren't abusive.
> Perhaps the default should be confirmed opt-in but allowing unconfirmed
> subcriptions after list owners jump through several extra hoops to prove
> they're not spammers?  Account aging is probably a good start.
> > Also, at some level, you can just signup a new Gmail account and send
> > email to a bunch of folks without any opt-in, so clearly there's a
> > bulk aspect to these things.
> Seems to me that allowing people to sign up for an account and
> immediately create spam lists is not a great idea?

I mean, you can create a Gmail account and then immediately send an email
to one person, and that email
could be spam.

or to 10 people

And those are the hardest to catch, and those sending really small numbers
of spam usually have much higher return
per message, so they can do a lot more manual work.  419 spammers and other
types of phishing and fraud, typically.

Obviously, trying to figure out when people do that is a large part of our
abuse process, as is making
sure people can't automate creating accounts.

And account aging only sorta works, spammers are happy to create accounts
every day and then use
them to spam 30/60/90 days later.  They're amazingly good at figuring out
what your account age requirements are.

Anyways, there is all of this logic and abuse work in there, which doesn't
mean it's perfect, but if we didn't
already have some protections, I'm sure Groups would have been banned
around the internet a long time again.

mailop mailing list

Reply via email to