Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-06-02 Thread Gerry Snyder 

A. Pagaltzis wrote:

This suggests a different strategy: alternate between sending
opt-out and opt-in mails. Indiscriminate autoresponders will
unsubscribe themselves when they get an opt-out mail; people who
throw the mail away will silently drop out after failing to
respond to the opt-in mail.
  


There is a certain evil in this suggestion.

I like it a lot.

Gerry

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-06-01 Thread Florian Weimer 
* Clay Dowling:

> [EMAIL PROTECTED] at least does have an auto-responder.  The message
> contains the text of any message sent to it, appended to the bottom of
> the email.  That would serve to automatically validate the check
> email.

In my experience, the real problem with ezmlm's subscription mechanism
is that it embeds the subscription cookie in the Reply-To: header.  If
you put it into the subject and require that it's preserved by the
subscriber (like other mailing list managers do), such accidents are
much less likely.

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-31 Thread Dennis Jenkins 
Clark Christensen wrote:
>> And yet somehow, the spammer still managed to get signed up
>> using a "paypal.com" address.  How did they do that?
>> --
>> 
>
> As others have pointed-out, there's probably a simple autoresponder on many 
> [EMAIL PROTECTED] mailboxes.  It replied, and that was good enough :-)
>
> I think if the list confirm messages had a link to click on to validate the 
> subscription (that leads somewhere other than replying to the message), the 
> anonymous autoresponders wouldn't validate.  Plus, it wouldn't lock-out 
> legitimate users at paypal.com (somebody suggested rejecting by domain).
>
>  -Clark
>
>
>
>   
The email should contain TWO urls.  One real and one a honey-pot.  If
the honey-pot URL gets tripped, then it should unsubscribe the box that
polled all of the URLs in the email.  If the email recipient clicks on
the non-honey-pot URL, then they stay on the mailing list.
  Doesn't the sqlite web site already do something like this to defend
against fubared search engines that ignore the ROBOTS.TXT file and scan
all hyperlinks anyway?

Man, that last sentence sucked.  The English language should be drug out
into the street and shot.

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-31 Thread Ulrich Schöbel 
How about asking a new subscriber to copy some magic number
from the body to the subject of his reply? AFAIK autoresponders
can't do that.

Kind regards

Ulrich


On Wednesday 31 May 2006 17:17, Clark Christensen wrote:
> > And yet somehow, the spammer still managed to get signed up
> > using a "paypal.com" address.  How did they do that?
> > --
>
> As others have pointed-out, there's probably a simple autoresponder on many
> [EMAIL PROTECTED] mailboxes.  It replied, and that was good
> enough :-)
>
> I think if the list confirm messages had a link to click on to validate the
> subscription (that leads somewhere other than replying to the message), the
> anonymous autoresponders wouldn't validate.  Plus, it wouldn't lock-out
> legitimate users at paypal.com (somebody suggested rejecting by domain).
>
>  -Clark

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-31 Thread Clark Christensen 
> And yet somehow, the spammer still managed to get signed up
> using a "paypal.com" address.  How did they do that?
> --

As others have pointed-out, there's probably a simple autoresponder on many 
[EMAIL PROTECTED] mailboxes.  It replied, and that was good enough :-)

I think if the list confirm messages had a link to click on to validate the 
subscription (that leads somewhere other than replying to the message), the 
anonymous autoresponders wouldn't validate.  Plus, it wouldn't lock-out 
legitimate users at paypal.com (somebody suggested rejecting by domain).

 -Clark

RE: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread Bob Dankert 
I have to agree as well - Quite frequently I am just too busy to read
the list, other times I get a wealth of information from the list.  I
would hate to get unsubscribed because I was too busy to reply to a
message.  Plus, I archive all of my messages in the list so I can search
for previous information.  I may not read some posts right away, but
they do serve a useful purpose for me later down the road.

Being placed on a moderated status would be fine in my opinion, as
described by Eric, for new or infrequent posters.

Bob

-Original Message-
From: Eric Scouten [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 30, 2006 10:26 AM
To: sqlite-users@sqlite.org
Subject: Re: [sqlite] Purging the mailing list roles. Was: Please
Restore Your Account Access

I agree with Jay. I'd hate to have to respond to an e-mail ping every  
so often just to continue reading the list.

On the other hand, I wouldn't mind terribly if I got placed on  
"moderated" status (i.e. had to go through a verification step in  
order to *post* to the list) if I were either (a) new to the list, or  
(b) hadn't posted in a while.

-Eric



On 30 May 2006, at 07:57, Jay Sprenkle wrote:

> On 5/30/06, Eugene Wee <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> Basically, what I imagined from DRH's original proposal was that  
>> accounts that
>> have not sent out mails after some period of time would receive an  
>> email
>> informing them that they will be unsubscribed unless they send a  
>> mail to the
>> mailing list, or they reply to this notification email, within  
>> some (short)
>> period of time.
>>
>> I have qualms about asking people to click on a link, since it may  
>> look like a
>> bogus email in which the link will take them elsewhere. You know,  
>> like one of
>> those "your account has expired, click on this link to renew" spam  
>> emails.
>
> I wouldn't want a lot of "I want to stay on the list" mail spamming  
> the list.
>
> You could sign up an autoresponder email account (like paypal) and  
> it would stay
> signed up forever. It would always respond to the query email with a
> reply including
> the original text of the message. You'd need to set it up so they had
> to reply to a
> different email account than the one to send the query mail.

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread Craig Morrison 

Jay Sprenkle wrote:

On 5/30/06, Eric Scouten <[EMAIL PROTECTED]> wrote:

I agree with Jay. I'd hate to have to respond to an e-mail ping every
so often just to continue reading the list.

On the other hand, I wouldn't mind terribly if I got placed on
"moderated" status (i.e. had to go through a verification step in
order to *post* to the list) if I were either (a) new to the list, or
(b) hadn't posted in a while.


As an alternative,  Maybe we should point people who only want to
read the list to a link to an email archive/aggregator and tell them
to search there if they want answers and only to subscribe/resubscribe
if they actively want to post.



Because this penalizes people who want direct delivery.

I don't know about you, but I have spent a lot of time tweaking my 
filters here to get mail delivered to me the way I want it. Trudging 
through someone else's archive is out of the question.


+1 for moderated posting status after  days, -10 for all of the 
other suggestions that will cause me to jump through hoops to stay 
subscribed.


--
Craig Morrison
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
http://pse.2cah.com
  Controlling pseudoephedrine purchases.

http://www.mtsprofessional.com/
  A Win32 email server that works for You.

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread Jay Sprenkle 

On 5/30/06, Eric Scouten <[EMAIL PROTECTED]> wrote:

I agree with Jay. I'd hate to have to respond to an e-mail ping every
so often just to continue reading the list.

On the other hand, I wouldn't mind terribly if I got placed on
"moderated" status (i.e. had to go through a verification step in
order to *post* to the list) if I were either (a) new to the list, or
(b) hadn't posted in a while.


As an alternative,  Maybe we should point people who only want to
read the list to a link to an email archive/aggregator and tell them
to search there if they want answers and only to subscribe/resubscribe
if they actively want to post.

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread Eric Scouten 
I agree with Jay. I'd hate to have to respond to an e-mail ping every  
so often just to continue reading the list.


On the other hand, I wouldn't mind terribly if I got placed on  
"moderated" status (i.e. had to go through a verification step in  
order to *post* to the list) if I were either (a) new to the list, or  
(b) hadn't posted in a while.


-Eric



On 30 May 2006, at 07:57, Jay Sprenkle wrote:


On 5/30/06, Eugene Wee <[EMAIL PROTECTED]> wrote:

Hi,

Basically, what I imagined from DRH's original proposal was that  
accounts that
have not sent out mails after some period of time would receive an  
email
informing them that they will be unsubscribed unless they send a  
mail to the
mailing list, or they reply to this notification email, within  
some (short)

period of time.

I have qualms about asking people to click on a link, since it may  
look like a
bogus email in which the link will take them elsewhere. You know,  
like one of
those "your account has expired, click on this link to renew" spam  
emails.


I wouldn't want a lot of "I want to stay on the list" mail spamming  
the list.


You could sign up an autoresponder email account (like paypal) and  
it would stay

signed up forever. It would always respond to the query email with a
reply including
the original text of the message. You'd need to set it up so they had
to reply to a
different email account than the one to send the query mail.

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread A. Pagaltzis 
* Jay Sprenkle <[EMAIL PROTECTED]> [2006-05-30 17:00]:
> You could sign up an autoresponder email account (like paypal)
> and it would stay signed up forever. It would always respond to
> the query email with a reply including the original text of the
> message. You'd need to set it up so they had to reply to a
> different email account than the one to send the query mail.

This suggests a different strategy: alternate between sending
opt-out and opt-in mails. Indiscriminate autoresponders will
unsubscribe themselves when they get an opt-out mail; people who
throw the mail away will silently drop out after failing to
respond to the opt-in mail.

Regards,
-- 
Aristotle Pagaltzis //

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread Jay Sprenkle 

On 5/30/06, Eugene Wee <[EMAIL PROTECTED]> wrote:

Hi,

Basically, what I imagined from DRH's original proposal was that accounts that
have not sent out mails after some period of time would receive an email
informing them that they will be unsubscribed unless they send a mail to the
mailing list, or they reply to this notification email, within some (short)
period of time.

I have qualms about asking people to click on a link, since it may look like a
bogus email in which the link will take them elsewhere. You know, like one of
those "your account has expired, click on this link to renew" spam emails.


I wouldn't want a lot of "I want to stay on the list" mail spamming the list.

You could sign up an autoresponder email account (like paypal) and it would stay
signed up forever. It would always respond to the query email with a
reply including
the original text of the message. You'd need to set it up so they had
to reply to a
different email account than the one to send the query mail.

RE: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread Fred Williams 
BUT, the spammers ARE posting...

> -Original Message-
> From: Jay Sprenkle [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 30, 2006 8:46 AM
> To: sqlite-users@sqlite.org
> Subject: Re: [sqlite] Purging the mailing list roles. Was: Please
> Restore Your Account Access
>
>
> On 5/29/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >
> > I wonder if I need to implement some kind of mechanism that requires
> > you to either send a message to the mailing list or else renew your
> > subscription every 3 months.  Does anybody have any experience with
> > other mailing lists that require such measures?
>
> It sounds like Clay figured it out.
> The autoresponder would verify the signup email.
> I'm going to have to rework my own stuff to avoid this too.
>
> On list management, how about this:
>
> * The mailing list periodically selects out all accounts that have not
> posted and disables those accounts.
> * Sends an email to those accounts telling them they're
> disabled due to inactivity and they can reenable by clicking
> on a link.
>
> It drops people who don't read it or that delete mail unread.
> It's minimally intrusive to lurkers.
> There's no overhead for posters.
> It doesn't sound hard to implement.
>
>
> --
> SqliteImporter, SqliteReplicator: Command line utilities for Sqlite
> http://www.reddawn.net/~jsprenkl/Sqlite

RE: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread Brandon, Nicholas (UK) 

>
> I wonder if I need to implement some kind of mechanism that requires
> you to either send a message to the mailing list or else renew your
> subscription every 3 months.  Does anybody have any experience with
> other mailing lists that require such measures?
>

As most people, they are either email replies or a link to a website.

Obviously it depends on your desired goal. If it is keeping automated
scripts away then I would suggest a link to a website to confirm signup.
On that website ask the user to enter a random set of digits displayed
on the page. (That will keep the scripts that open links in confirmation
emails away).

If the goal is a general cleansing, then your suggestion to regularly
"opt-in" sounds fine.

Nick






This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-30 Thread Jay Sprenkle 

On 5/29/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


I wonder if I need to implement some kind of mechanism that requires
you to either send a message to the mailing list or else renew your
subscription every 3 months.  Does anybody have any experience with
other mailing lists that require such measures?


It sounds like Clay figured it out.
The autoresponder would verify the signup email.
I'm going to have to rework my own stuff to avoid this too.

On list management, how about this:

* The mailing list periodically selects out all accounts that have not
posted and disables those accounts.
* Sends an email to those accounts telling them they're
disabled due to inactivity and they can reenable by clicking on a link.

It drops people who don't read it or that delete mail unread.
It's minimally intrusive to lurkers.
There's no overhead for posters.
It doesn't sound hard to implement.


--
SqliteImporter, SqliteReplicator: Command line utilities for Sqlite
http://www.reddawn.net/~jsprenkl/Sqlite

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread John Stanton 

[EMAIL PROTECTED] wrote:

"Fred Williams" <[EMAIL PROTECTED]> wrote:


How about some form of automated(?) sequence where:

New subscriber submits subscription request.

System sends "query" message to subscriber address.

New subscriber sends "confirmation" message within reasonable time
period.

List access granted on receipt of confirmation.

At least the damn spammer would have to do a little work to be a bottom
feeder.  Too bad there must be an endless number of idiots out there (P
T Barnum postulation) or the problem would self regulate.




Such a system is already in place.  Please recall when you
signed up that you got a confirmation message that you had
to reply to before you were added to the mailing list.

And yet somehow, the spammer still managed to get signed up
using a "paypal.com" address.  How did they do that?
--
D. Richard Hipp   <[EMAIL PROTECTED]>

Is it possible to spoof the reply message?  Even if it is lost the 
villain sends what you expect the response would be, including the 
spoofed header.


It could be a classic "Man in the Middle" attack where the culprits are 
actually intercepting mail by some corrupt practice.  Spammers have 
become very cunning and a lot of money is involved.


Could you implement the type of challenge that is becoming common where 
you send an image with distorted text and require a visual decoding of 
the text in the reply for validation?  That would eliminate valid 
machine-generated responses.  Does pose a text-only problem, solved with 
a WWW link.


One other idea might be to have a regular challenge email requiring a 
reply to maintain the account.  A rule such as "fail three consecutive 
challenges and you are deleted" would be necessary to avoid eventually 
deleting all users.  A gentler variation might be to not remove the user 
but to make that user read-only by removing posting rights, preserving 
the rights of casual readers but denying access to spam.

JS

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Paul Nash 
1200 is a modest number for a mailing list . Expect it to go up to 3-4000 as 
SQLite gets more popular. One reason for the lists popularity is the 
friendliness of the list members and their willingness to respond to basic 
SQL queries. At some stage the list could be split into two. One for wrapper 
users (tcl perl) and one for those using the C API.


Regards, Paul Nash

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Alex Roston 

This is an excellent idea.

Alex


René Tegel wrote:


Hi,

Seen the popularity of sqlite, i think 1200 subscribers is very 
reasonable. Lots of people track mailing lists, only contributing 
rarely but nevertheless are interested.


You could consider a system that requires moderation by the list 
administrator for each first message a newly subscribed user posts. 
This is a small inconvenience for new members (may take some hours or 
a day before his/hers message appears on the list) but is effective 
against list spam. Several mailing list systems include such feature, 
and it appears a reasonable trade-off.


regards,

Rene

[EMAIL PROTECTED] schreef:


"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
 

dilettantes remain rude.Where we can almost borrow money from our 
earring.Hugo, the friend of Hugo and earns frequent flier miles with 
power drill near.




In order to be able to send messages to this mailing list,
the spammer above had to subscribe.  To subscribe means that
he had to respond to an email that was sent to the subscription
address.  Since his email address does not exist, I'm wondering
how he managed to pull this off.  Any ideas?

I have unsubscribed every account from "paypal.com" and "ebay.com".
All such accounts were of the form "[EMAIL PROTECTED]" or
"[EMAIL PROTECTED]", etc.  There were 7 such accounts.

After purging the accounts above, we are still left with 1217
active subscribers.  This seems like a lot to me.  I'm wondering
if some fraction of these might be inactive accounts, or accounts
belonging to people who have spam filters turned on to delete
incoming email from sqlite.org.  Does anybody have any ideas on
how we might remove people from the mailing list that do not
actually read messages from the mailing list?  When email bounces,
the user is removed automatically.  But email addresses that silently
absorb messages and never deliver them to a real human can linger
on the mailing list indefinitely. 
I wonder if I need to implement some kind of mechanism that requires

you to either send a message to the mailing list or else renew your
subscription every 3 months.  Does anybody have any experience with
other mailing lists that require such measures?

--
D. Richard Hipp   <[EMAIL PROTECTED]>

RE: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Robert Simpson 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Monday, May 29, 2006 7:25 AM
> To: sqlite-users@sqlite.org
> Subject: Re: [sqlite] Purging the mailing list roles. Was: 
> Please Restore Your Account Access
>
> Such a system is already in place.  Please recall when you
> signed up that you got a confirmation message that you had
> to reply to before you were added to the mailing list.
> 
> And yet somehow, the spammer still managed to get signed up
> using a "paypal.com" address.  How did they do that?

If the validation utility validates on the From header (faked addr) and
replies honoring the "ReplyTo" header (real addr), then that'd be one way to
skim through.

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Markus Hoenicka 
Clay Dowling <[EMAIL PROTECTED]> was heard to say:

> You might want to consider reworking the check mechanism, using the
> capture mechanism that a lot of web forums and blogs use.  Users must
> type in text presented on a web page in the form of a graphic.  That
> will put a stop to the automated signup pretty quickly.
>

...and it will exclude the visually impaired just as quickly.

regards,
Markus

-- 
Markus Hoenicka
[EMAIL PROTECTED]
(Spam-protected email: replace the quadrupeds with "mhoenicka")
http://www.mhoenicka.de

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Clay Dowling 

[EMAIL PROTECTED] wrote:

"Fred Williams" <[EMAIL PROTECTED]> wrote:

How about some form of automated(?) sequence where:

New subscriber submits subscription request.

System sends "query" message to subscriber address.

New subscriber sends "confirmation" message within reasonable time
period.

List access granted on receipt of confirmation.

At least the damn spammer would have to do a little work to be a bottom
feeder.  Too bad there must be an endless number of idiots out there (P
T Barnum postulation) or the problem would self regulate.



Such a system is already in place.  Please recall when you
signed up that you got a confirmation message that you had
to reply to before you were added to the mailing list.

And yet somehow, the spammer still managed to get signed up
using a "paypal.com" address.  How did they do that?


[EMAIL PROTECTED] at least does have an auto-responder.  The message 
contains the text of any message sent to it, appended to the bottom of 
the email.  That would serve to automatically validate the check email.


You might want to consider reworking the check mechanism, using the 
capture mechanism that a lot of web forums and blogs use.  Users must 
type in text presented on a web page in the form of a graphic.  That 
will put a stop to the automated signup pretty quickly.


Clay
--
CeaMuS, Simple Content Management
http://www.ceamus.com

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Jalil Vaidya 
--- [EMAIL PROTECTED] wrote:

> And yet somehow, the spammer still managed to get
> signed up
> using a "paypal.com" address.  How did they do that?

Its probably very easy to screen scrape the message to
harvest every link in the confirmation message and do
a wget on it! I must admit that I do not remember what
the confirmation message looks like when signing up
for sqlite but most of such mails have a link to click
on or just need to reply to the mail. Both of the ways
are very easy automate. 

I am wondering if paypal supports Domain Keys (or some
other such mechanism) like yahoo does that ensures
that the mail actually came from that domain. If they
do then it would help to implement such checks for
"blacklisted" (sic) domains such as paypal or ebay.

Like other members mentioned before, I respond once in
a blue moon too but don't mind having to confirm my
membership every month or three. It is just going to
be a little bit of hassle...

Regards,

Jalil Vaidya

01001010
0111
01101100
01101001
01101100

RE: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Fred Williams 
Here's an example:
---
Hi Fred Willisams,

Please click on the following link to activate your account. Then start
Worksite CD and click 'Yes' to get current prices at your local Home
Depot:

Please Click Here!

Thank you for using The Home Depot Worksite CD. If you need help with
Worksite CD or have a question about getting daily price updates, please
call 760-438-3254 between 8 AM and 5 PM (Pacific) Monday through Friday.
We'll be glad to help.

The Worksite CD Team
[EMAIL PROTECTED]

The link above points to:
://vf110.probookcd.com/[EMAIL PROTECTED]
y=bf3y9e9txka

--


> -Original Message-
> From: Fred Williams [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 29, 2006 9:07 AM
> To: sqlite-users@sqlite.org
> Subject: RE: [sqlite] Purging the mailing list roles. Was: Please
> Restore Your Account Access
>
>
> How about some form of automated(?) sequence where:
>
>   New subscriber submits subscription request.
>
>   System sends "query" message to subscriber address.
>
>   New subscriber sends "confirmation" message within
> reasonable time
> period.
>
>   List access granted on receipt of confirmation.
>
> At least the damn spammer would have to do a little work to
> be a bottom
> feeder.  Too bad there must be an endless number of idiots
> out there (P
> T Barnum postulation) or the problem would self regulate.
>
> Fred
>
> > -Original Message-
> > From: René Tegel [mailto:[EMAIL PROTECTED]
> > Sent: Monday, May 29, 2006 7:13 AM
> > To: sqlite-users@sqlite.org
> > Subject: Re: [sqlite] Purging the mailing list roles. Was: Please
> > Restore Your Account Access
> >
> >
> > Hi,
> >
> > Seen the popularity of sqlite, i think 1200 subscribers is very
> > reasonable. Lots of people track mailing lists, only
> > contributing rarely
> > but nevertheless are interested.
> >
> > You could consider a system that requires moderation by the list
> > administrator for each first message a newly subscribed user
> > posts. This
> > is a small inconvenience for new members (may take some hours
> > or a day
> > before his/hers message appears on the list) but is
> effective against
> > list spam. Several mailing list systems include such feature, and it
> > appears a reasonable trade-off.
> >
> > regards,
> ...
>

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread drh 
"Fred Williams" <[EMAIL PROTECTED]> wrote:
> How about some form of automated(?) sequence where:
> 
>   New subscriber submits subscription request.
> 
>   System sends "query" message to subscriber address.
> 
>   New subscriber sends "confirmation" message within reasonable time
> period.
> 
>   List access granted on receipt of confirmation.
> 
> At least the damn spammer would have to do a little work to be a bottom
> feeder.  Too bad there must be an endless number of idiots out there (P
> T Barnum postulation) or the problem would self regulate.
> 

Such a system is already in place.  Please recall when you
signed up that you got a confirmation message that you had
to reply to before you were added to the mailing list.

And yet somehow, the spammer still managed to get signed up
using a "paypal.com" address.  How did they do that?
--
D. Richard Hipp   <[EMAIL PROTECTED]>

RE: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Fred Williams 
How about some form of automated(?) sequence where:

New subscriber submits subscription request.

System sends "query" message to subscriber address.

New subscriber sends "confirmation" message within reasonable time
period.

List access granted on receipt of confirmation.

At least the damn spammer would have to do a little work to be a bottom
feeder.  Too bad there must be an endless number of idiots out there (P
T Barnum postulation) or the problem would self regulate.

Fred

> -Original Message-
> From: René Tegel [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 29, 2006 7:13 AM
> To: sqlite-users@sqlite.org
> Subject: Re: [sqlite] Purging the mailing list roles. Was: Please
> Restore Your Account Access
>
>
> Hi,
>
> Seen the popularity of sqlite, i think 1200 subscribers is very
> reasonable. Lots of people track mailing lists, only
> contributing rarely
> but nevertheless are interested.
>
> You could consider a system that requires moderation by the list
> administrator for each first message a newly subscribed user
> posts. This
> is a small inconvenience for new members (may take some hours
> or a day
> before his/hers message appears on the list) but is effective against
> list spam. Several mailing list systems include such feature, and it
> appears a reasonable trade-off.
>
> regards,
...

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Clay Dowling 

[EMAIL PROTECTED] wrote:


In order to be able to send messages to this mailing list,
the spammer above had to subscribe.  To subscribe means that
he had to respond to an email that was sent to the subscription
address.  Since his email address does not exist, I'm wondering
how he managed to pull this off.  Any ideas?

I have unsubscribed every account from "paypal.com" and "ebay.com".
All such accounts were of the form "[EMAIL PROTECTED]" or
"[EMAIL PROTECTED]", etc.  There were 7 such accounts.


I would start by putting a filter in front of the list that won't accept 
anything with @paypal.com or @ebay.com, not just at signup time but when 
the messages are received.


As to how he pulled it off, there's probably an auto-responder on those 
addresses.


Clay Dowling
--
http://www.lazarusid.com/notes/
Lazarus Notes
Articles and Commentary on Web Development

AW: Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread michael . ruck 
I second this. I don't mind having to post or refresh my subscription every 
once in a while. It would however be important for me to receive a notification 
to refresh my subscription instead of just silently removing my subscription.

HTH,
Mike

>Hi,
>
>I think many of the 1217 active subscribers are people like me who tune in to 
>
>the list but only contribute once in a blue moon.
>
>I do not have any objection to a "send email to keep your subscription active" 
>
>idea, but I have never seen that used in the other mailing lists that I 
>subscribe to.
>
>Regards,
>Eugene Wee
>
>[EMAIL PROTECTED] wrote:
>> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>>> dilettantes remain rude.Where we can almost borrow money from our 
>>> earring.Hugo, the friend of Hugo and earns frequent flier miles 
>>> with power drill near.
>> 
>> In order to be able to send messages to this mailing list,
>> the spammer above had to subscribe.  To subscribe means that
>> he had to respond to an email that was sent to the subscription
>> address.  Since his email address does not exist, I'm wondering
>> how he managed to pull this off.  Any ideas?
>> 
>> I have unsubscribed every account from "paypal.com" and "ebay.com".
>> All such accounts were of the form "[EMAIL PROTECTED]" or
>> "[EMAIL PROTECTED]", etc.  There were 7 such accounts.
>> 
>> After purging the accounts above, we are still left with 1217
>> active subscribers.  This seems like a lot to me.  I'm wondering
>> if some fraction of these might be inactive accounts, or accounts
>> belonging to people who have spam filters turned on to delete
>> incoming email from sqlite.org.  Does anybody have any ideas on
>> how we might remove people from the mailing list that do not
>> actually read messages from the mailing list?  When email bounces,
>> the user is removed automatically.  But email addresses that silently
>> absorb messages and never deliver them to a real human can linger
>> on the mailing list indefinitely.  
>> 
>> I wonder if I need to implement some kind of mechanism that requires
>> you to either send a message to the mailing list or else renew your
>> subscription every 3 months.  Does anybody have any experience with
>> other mailing lists that require such measures?
>> 
>> --
>> D. Richard Hipp   <[EMAIL PROTECTED]>
>> 
>

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread René Tegel 

Hi,

Seen the popularity of sqlite, i think 1200 subscribers is very 
reasonable. Lots of people track mailing lists, only contributing rarely 
but nevertheless are interested.


You could consider a system that requires moderation by the list 
administrator for each first message a newly subscribed user posts. This 
is a small inconvenience for new members (may take some hours or a day 
before his/hers message appears on the list) but is effective against 
list spam. Several mailing list systems include such feature, and it 
appears a reasonable trade-off.


regards,

Rene

[EMAIL PROTECTED] schreef:

"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
  
dilettantes remain rude.Where we can almost borrow money from our 
earring.Hugo, the friend of Hugo and earns frequent flier miles 
with power drill near.



In order to be able to send messages to this mailing list,
the spammer above had to subscribe.  To subscribe means that
he had to respond to an email that was sent to the subscription
address.  Since his email address does not exist, I'm wondering
how he managed to pull this off.  Any ideas?

I have unsubscribed every account from "paypal.com" and "ebay.com".
All such accounts were of the form "[EMAIL PROTECTED]" or
"[EMAIL PROTECTED]", etc.  There were 7 such accounts.

After purging the accounts above, we are still left with 1217
active subscribers.  This seems like a lot to me.  I'm wondering
if some fraction of these might be inactive accounts, or accounts
belonging to people who have spam filters turned on to delete
incoming email from sqlite.org.  Does anybody have any ideas on
how we might remove people from the mailing list that do not
actually read messages from the mailing list?  When email bounces,
the user is removed automatically.  But email addresses that silently
absorb messages and never deliver them to a real human can linger
on the mailing list indefinitely.  


I wonder if I need to implement some kind of mechanism that requires
you to either send a message to the mailing list or else renew your
subscription every 3 months.  Does anybody have any experience with
other mailing lists that require such measures?

--
D. Richard Hipp   <[EMAIL PROTECTED]>

Re: [sqlite] Purging the mailing list roles. Was: Please Restore Your Account Access

2006-05-29 Thread Eugene Wee 

Hi,

I think many of the 1217 active subscribers are people like me who tune in to 
the list but only contribute once in a blue moon.


I do not have any objection to a "send email to keep your subscription active" 
idea, but I have never seen that used in the other mailing lists that I 
subscribe to.


Regards,
Eugene Wee

[EMAIL PROTECTED] wrote:

"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
dilettantes remain rude.Where we can almost borrow money from our 
earring.Hugo, the friend of Hugo and earns frequent flier miles 
with power drill near.


In order to be able to send messages to this mailing list,
the spammer above had to subscribe.  To subscribe means that
he had to respond to an email that was sent to the subscription
address.  Since his email address does not exist, I'm wondering
how he managed to pull this off.  Any ideas?

I have unsubscribed every account from "paypal.com" and "ebay.com".
All such accounts were of the form "[EMAIL PROTECTED]" or
"[EMAIL PROTECTED]", etc.  There were 7 such accounts.

After purging the accounts above, we are still left with 1217
active subscribers.  This seems like a lot to me.  I'm wondering
if some fraction of these might be inactive accounts, or accounts
belonging to people who have spam filters turned on to delete
incoming email from sqlite.org.  Does anybody have any ideas on
how we might remove people from the mailing list that do not
actually read messages from the mailing list?  When email bounces,
the user is removed automatically.  But email addresses that silently
absorb messages and never deliver them to a real human can linger
on the mailing list indefinitely.  


I wonder if I need to implement some kind of mechanism that requires
you to either send a message to the mailing list or else renew your
subscription every 3 months.  Does anybody have any experience with
other mailing lists that require such measures?

--
D. Richard Hipp   <[EMAIL PROTECTED]>