On Tue, Apr 23, 2002 at 10:24:23PM -0600, Kurt Seifried wrote:
> Is it not incumbant upon the openssl.org mailing list maintainer(s) to prevent spam
>from making it onto the mailing lists? Generally speaking you will want to restrict
>posting to list members, and for lists such as openssl-announce require moderation
>approval.
The mailing lists are kindly run by Ralf Engelschall.
Only list members are allowed to post. A short inspection of the headers
shows, that the emails had fake sender addresses like "[EMAIL PROTECTED]".
It should be no surprise that that Richard Levitte as a member of the
developers team is actually subscribed to the list(s) and therefore
no mailing list manager could automatically distinguish this SPAM from
a legitimite mail.
As electronicly signed mail is not widespread enough (yet?), this problem
could only be circumvented by moderation.
It seems that we are seeing a new quality of SPAM software using legitimite
email addresses captured on the list to send out SPAM to mailing list.
Even though I don't like to admit that, but I don't have any good idea
on how to detect this reliably without human interaction, making it a
new challenge to mailing list operators and users.
I cannot comment on the OpenSSL-Announce list. Only the core members
should be allowed to send via this list.
Probably the list should be switched to "moderated" (it currently does
not seem to be moderated, does it?).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
